i have received a security alert email from avast today:
No.001 Mon, 2009-01-19 15:21:08 - UDP Packet - Source:203.109.129.67 Destination:118.92.***.*** - [Firewall Log-PORT SCAN]
...
No.009 Mon, 2009-01-19 15:21:09 - UDP Packet - Source:203.109.129.67 Destination:118.92.***.*** - [Firewall Log-PORT SCAN] No.010 Mon, 2009-01-19 15:21:13 - UDP Packet - Source:203.109.129.68 Destination:118.92.***.*** - [Firewall Log-PORT SCAN]
No.011 Mon, 2009-01-19 15:21:13 - UDP Packet - Source:203.109.129.68 Destination:118.92.***.*** - [Firewall Log-PORT SCAN]
...
No.019 Mon, 2009-01-19 15:21:16 - UDP Packet - Source:192.203.230.10 Destination:118.92.***.*** - [Firewall Log-PORT SCAN] No.020 Mon, 2009-01-19 15:21:16 - UDP Packet - Source:192.203.230.10 Destination:118.92.***.*** - [Firewall Log-PORT SCAN]a quick look around i noticed 203.109.129.67 and 203.109.129.68 are the DNS servers given to by my ISP.
i did a nslookup on 192.203.230.10 and it turns it is DNS root server E.
118.92.***.*** is my external IP the PC that received these errors is behind a router running NAT
so the only thing i could see happening is that it sent a DNS request to 203.109.129.67 or 203.109.129.68 (both are listed as DNS servers in my IP Config)
but i can't see how it could be talking to 192.203.230.10
can someone enlighten me on what is going on.
Thanks
Scott.
