Bitdefender Endpoint Security Tools: Weird Firewall / Port Scanning Alerts. Any Help?

AWilliams
edited February 2023 in Enterprise Security

Helping a friend that uses Bitdefender Endpoint Security Tools for clients.

A PC on client's home network is getting firewall alerts about port scanning. I'm trying some things but lack info - can't log into the router at the house, etc.

This is the situation. Any ideas you can offer?

This win 10 pro PC gets messages similar to this 1 to several times a day. No pattern to the frequency although they come in spurts.

A port scan has been detected and blocked.Local IP: 255.255.255.255. Remote IP: 192.168.1.30. Protocol: UDP (17)

This PC is behind a Netgear router that does DHCP in the 192.168.1.0/24 subnet. This machine is 192.168.1.6

I wanted to get into the router to see if this .30 IP is DHCP. but they don't have the password / I have to go there?

Over the last few days, the remote IP varies - it's been from 192.168.1.30, 28, 23, 20 and 19

And the local IP will be 255.255.255.255 or 239.255.255.255.250 (yeah, 239!?) or 192.168.1.255 or 192.168.1.6 (the IP of this PC).

Most times it's UDP. 1 x a day it's TCP (usually the last of the batch for the day.

Is there a way to print the event log?

When I connect to this pc and run a network scanner and try to ping that remote IP address, i don't get a reply. (so not on the network or just doesn't reply to pings).

Any thoughts?

Here's when the message comes up over the last few days:

Feb 10

1:46 255.255.255.255 192.168.1.30  UDP (17)

10:15 255.255.255.255 192.168.1.30  UDP (17)


Feb 9 

12:25 192.168.1.255  192.168.1.30  UDP (17)

9:10 255.255.255.255 192.168.1.30  UDP (17)

8:58 255.255.255.255 192.168.1.30  UDP (17)

7:49 255.255.255.255 192.168.1.30  UDP (17)

6:57 255.255.255.255 192.168.1.30  UDP (17)


Feb 8 

16:19 255.255.255.255 192.168.1.28  UDP (17)

14:52 255.255.255.255 192.168.1.28  UDP (17)

10:34 192.168.1.6   192.168.1.28  TCP (6)

10:17 255.255.255.250 192.168.1.28  UDP (17)

10:10 255.255.255.255 192.168.1.28  UDP (17)

9:57 255.255.255.255 192.168.1.28  UDP (17) 

5:08 255.255.255.255 192.168.1.28  UDP (17)

5:01 255.255.255.255 192.168.1.28  UDP (17)

4:39 255.255.255.255 192.168.1.28  UDP (17)

3:59 255.255.255.255 192.168.1.28  UDP (17)

3:42 255.255.255.255 192.168.1.28  UDP (17)

3:33 255.255.255.255 192.168.1.28  UDP (17)



Feb 7

7:50 255.255.255.255 192.168.1.23  UDP (17)

7:39 255.255.255.255 192.168.1.23  UDP (17)

7:30 255.255.255.255 192.168.1.23  UDP (17)

7:19 192.168.1.255  192.168.1.23  UDP (17)


Feb 6

17:47 239.255.255.250 192.168.1.20  UDP (17)  

3:25 192.168.1.6   192.168.1.19  TCP (6)

3:17 239.255.255.250 192.168.1.19  UDP (17)

2:51 239.255.255.250 192.168.1.19  UDP (17)

2:23 255.255.255.250 192.168.1.19  UDP (17)

Answers

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello.

    Since you need help with business product, @Alex_Dr or @Andra_B (they both provide support for business products) could take a look here and help you with the issue.

    Also, you can always contact the Bitdefender business support:

    Regards.

  • Thanks. I'm helping out someone else / not my account. So I don't know details to call for support. And we're both running around / haven't had the chance to ask him if I could / should call support.

    And my experience, which doesn't include Bitdefender, is that unfortunately, vendor support in general isn't as good as users on the web : ) I might be pleasantly surprised with Bitdefender.

  • Alex_Dr
    Alex_Dr Quality & Customer Experience Specialist BD Staff

    Hello @AWilliams,


    I do apologize for the late reply.

    In this case i strongly recommend contacting the Bitdefender Enterprise Support team, details are in the below link, if you wish to contact via phone or e-mail:


    Contact (bitdefender.com)

    Best regards,

    Alex D.