• I have a REALLY weird firewall log here. I just noticed the insane amount of sniffing going on. It seems as if every IP in the world is trying to kill me...

  • Well, it's not "sniffing" or port-scanning, it's just multiple connection attempts to port 12596 over TCP & UDP (blocked by the firewall).

    If your IP is assigned dynamically by your ISP, it's possible that it was previously assigned to someone who ran a service on that port (e.g. a BitTorrent tracker). The quickest method to find out if someone is targeting you would be to just change your (dynamic) IP.

  • LAYER 8 Global Moderator

    Yeah, I would not call such a low amount of traffic any sort of attack. The torrent theory fits; it does not have to be that you just got a new IP. If you're using UPnP for your client and it changed ports on you - you're going to see traffic to the old port for days and days and days.

    If it bothers you, or fills up your logs - prob best to just create a rule to not log it.

    I have a clean up rule that does not log UDP – there is just way too much noise to worry about.
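
The distinction drawn in the replies above (many sources hitting one port versus one source walking many ports) can be checked directly against blocked-traffic records. This is an added example, not code from any poster in the thread; the simplified `proto src_ip dst_port` line format, the sample records and the `fan_in`/`fan_out` thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample of blocked-connection records: "proto src_ip dst_port".
# Addresses come from documentation ranges; this is not a real firewall's log format.
SAMPLE = """\
tcp 198.51.100.7 12596
udp 198.51.100.7 12596
udp 203.0.113.21 12596
tcp 203.0.113.88 12596
udp 192.0.2.14 12596
udp 192.0.2.200 12596
tcp 198.51.100.53 22
tcp 198.51.100.53 23
tcp 198.51.100.53 80
tcp 198.51.100.53 443
tcp 198.51.100.53 3389
tcp 198.51.100.53 8080
"""

def classify(log_text, fan_in=5, fan_out=5):
    """Separate 'many sources -> one port' (stale P2P/UPnP port) from
    'one source -> many ports' (port scan). Thresholds are assumed values."""
    srcs_by_port = defaultdict(set)
    protos_by_port = defaultdict(set)
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records instead of failing
        proto, src, port = parts[0].lower(), parts[1], int(parts[2])
        srcs_by_port[port].add(src)
        protos_by_port[port].add(proto)
        ports_by_src[src].add(port)
    # A scanner is a single source that touched many distinct ports.
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= fan_out)
    stale = {}
    for port, srcs in srcs_by_port.items():
        peers = srcs - set(scanners)  # do not count scanners as peers
        if len(peers) >= fan_in:
            stale[port] = {"sources": len(peers),
                           "protocols": sorted(protos_by_port[port])}
    return {"stale_port_candidates": stale, "scanners": scanners}

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A port that lands in `stale_port_candidates` is a reasonable candidate for the "block without logging" rule suggested above, while entries in `scanners` are the ones worth keeping in the log.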