BleepingComputer.com: Port Scan Trouble

Port Scan Trouble

#1 User is offline   TulShulty 

  • New Member
  • Group: Members
  • Posts: 9
  • Joined: 29-August 08

Posted 29 August 2008 - 02:33 PM

Hello, I have a problem with my firewall. Whenever I go to a web site or open mail or open Yahoo, the firewall flashes red and then I get the message that the server can't be found and the firewall pops up a log.
1.
Time 08/15/2008 1:52:07 PM
Security Type Port Scan detected
Severity Major
Direction Inbound
Protocol UDP
Local IP 192.168.1.64
Remote Host 192.168.1.254
Application Involved SYSTEM
Count 1

When I open the firewall log or click exit, then everything works fine. It blocks the 192.168.1.254.
I ran ipconfig and this is what I got.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.invalid
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254

Any thoughts on how to fix this?
Thanks for any help :-)

#2 User is offline   Galadriel 

  • Bleepin Elf
  • Group: Malware Response Team
  • Posts: 2,715
  • Joined: 11-November 04
  • Gender:Female
  • Location:Missouri, USA

Posted 29 August 2008 - 03:10 PM

Which firewall are you using? And do you have it set to allow normal network traffic to and from your router?

That IP/IP range is Internal. Seems like the "port scan" is coming from your router.
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat

I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook
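
The check made in the reply above (the alert's remote host is an internal address and is the router), as an added example that is not part of the original thread: it parses the alert fields and ipconfig lines posted in #1 and places the remote host relative to the machine's own subnet and default gateway. The function names and verdict labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample: alert fields and ipconfig lines as posted in #1.
ALERT = """\
Security Type Port Scan detected
Direction Inbound
Protocol UDP
Local IP 192.168.1.64
Remote Host 192.168.1.254
"""
IPCONFIG = """\
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
"""

def parse_alert(text):
    """Split each 'Field value' alert line on its known field name."""
    keys = ("Security Type", "Direction", "Protocol", "Local IP", "Remote Host")
    out = {}
    for line in text.splitlines():
        for key in keys:
            if line.startswith(key + " "):
                out[key] = line[len(key):].strip()
    return out

def parse_ipconfig(text):
    """Extract 'Label . . . : value' pairs from ipconfig output."""
    pat = r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*:\s*(\S+)\s*$"
    return {m.group(1): m.group(2) for m in re.finditer(pat, text, re.M)}

def triage(alert, net):
    """Place the alert's remote host relative to this machine's own network."""
    remote = ipaddress.ip_address(alert["Remote Host"])
    # strict=False lets a host address plus mask yield the enclosing network
    lan = ipaddress.ip_network(f"{net['IP Address']}/{net['Subnet Mask']}", strict=False)
    is_gw = remote == ipaddress.ip_address(net["Default Gateway"])
    on_lan = remote in lan
    verdict = "default-gateway" if is_gw else "lan-host" if on_lan else "off-subnet"
    return {"remote": str(remote), "lan": str(lan), "on_local_subnet": on_lan,
            "is_default_gateway": is_gw, "is_private": remote.is_private,
            "alert_is_for_this_host": alert["Local IP"] == net["IP Address"],
            "verdict": verdict}

if __name__ == "__main__":
    print(triage(parse_alert(ALERT), parse_ipconfig(IPCONFIG)))
```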

#3 User is offline   TulShulty 

Posted 29 August 2008 - 03:44 PM

SystemSuite 8. Yes, both the PC and the laptop are set on trusted network. The PC is wired and the laptop is wireless, if that helps any.

#4 User is offline   Galadriel 

Posted 29 August 2008 - 04:01 PM

TulShulty, on Aug 29 2008, 03:44 PM, said:

SystemSuite 8. Yes, both the PC and the laptop are set on trusted network. The PC is wired and the laptop is wireless, if that helps any.


Doesn't change a thing re wired vs. wireless. They are both going through the same router, no? It looks as though your firewall thinks that the router is not part of the trusted network for some reason. I wonder why. There's a lot of normal traffic to and from a router, and it looks like your firewall is confused about what's what.

Quote

Time 08/15/2008 1:52:07 PM
Security Type Port Scan detected
Severity Major
Direction Inbound
Protocol UDP
Local IP 192.168.1.64
Remote Host 192.168.1.254
Application Involved SYSTEM
Count 1


That doesn't give much info actually. All it says is that your internal IP is being contacted by the router, and that it's the SYSTEM account privilege calling for it. No other info as to which ports are actually involved and in what way? I mean any IP that starts with 192.168.x.x is part of your LAN. No firewall should think that there's an attack coming from within under normal circumstances. Do check your firewall settings to ensure you aren't blocking normal traffic.

Is this the one?

#5 User is offline   TulShulty 

Posted 29 August 2008 - 04:10 PM

Yes, that is the one. I just double-checked and both are set on trusted network. I wonder if I didn't set up my network right, but they both can see each other and share files and things without trouble. It was all working fine till Aug 14. I wonder if they updated the firewall and some setting didn't get updated.

#6 User is offline   TulShulty 

Posted 29 August 2008 - 04:13 PM

Connection-specific DNS Suffix . : domain.invalid
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254

What is the default gateway? Is that the Siemens router?
Thank you again :-)

#7 User is offline   Galadriel 

Posted 29 August 2008 - 04:21 PM

TulShulty, on Aug 29 2008, 04:13 PM, said:

What is the default gateway? Is that the Siemens router?
Thank you again :-)


Yes. The default gateway is the router normally. That's how the computer knows where to get its information from to be able to access the internet outside of your network. The router is the one that is actually talking to the rest of the net, you're just patched into the router. But the firewall should see remote IPs when you make a connection, and not just the router's and vice versa. If the incoming traffic were from the outside of your LAN (i.e. not the router), then the IP should be a valid one.

#8 User is offline   TulShulty 

Posted 29 August 2008 - 04:29 PM

Subnet Mask . . . . . . . . . . . : 255.255.255.0
What is that?

Should these 2 IP addresses be the same?
IP Address. . . . . . . . . . . . : 192.168.1.64
Default Gateway . . . . . . . . . : 192.168.1.254

This post has been edited by TulShulty: 29 August 2008 - 04:56 PM


#9 User is offline   Galadriel 

Posted 29 August 2008 - 08:35 PM

TulShulty, on Aug 29 2008, 04:29 PM, said:

Subnet Mask . . . . . . . . . . . : 255.255.255.0
What is that?


Here's a good explanation of what a subnet is.

Quote

Should these 2 IP addresses be the same?
IP Address. . . . . . . . . . . . : 192.168.1.64
Default Gateway . . . . . . . . . : 192.168.1.254


No. They are different machines, with different addresses. The IP Address one is the current machine (in other words, yours). The Default Gateway is explained at the below link.
What is a Default Gateway

#10 User is offline   TulShulty 

Posted 29 August 2008 - 08:58 PM

Thank You Galadriel :-)

Someone suggested that I open the firewall and add 192.168.1.254 to its allow list so it will see it and stop blocking it. Do you think that would be safe?

#11 User is offline   Galadriel 

Posted 29 August 2008 - 11:42 PM

TulShulty, on Aug 29 2008, 08:58 PM, said:

Thank You Galadriel :-)

Someone suggested that I open the firewall and add 192.168.1.254 to its allow list so it will see it and stop blocking it. Do you think that would be safe?


Well yes. I would think so. Unless the firewall can't make a difference between the traffic coming from the router vs. traffic coming from the outside of the network (i.e. the internet).
