I have absolutely no idea where you got the impression that I was, or am, scanning the LAN side of my router.
I have repeatedly said that I am using Shields Up - and you do apparently know what that is and that it looks from the WAN side.
I also know the difference between the DMZ setting on a SoHo router and a real DMZ with two firewalls - I am obviously talking about the DMZ setting on a SoHo router which directs all incoming calls to a nominated internal IP address.
Then you are fortunate. I can show you my logs, or my long-term fail2ban jail. Oh, on one machine I just looked at, I have 205 unique IP addresses in the 1 year ban jail. That's 21 fails of the 3 fail short term ban, or 63 failures in a relatively short term.
Additionally, I have manually blocked several /24 net blocks in parts of Africa and China. In fact, you can see when the Chinese hackers show up to work, because all of a sudden a quiet ban day gets busy.
Nowadays, I see ssh failures from remote hosts of 1 or 2 each, but many many many different IP addresses. If they get my ire up, I'll just toast some more /24 netblocks.
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
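The pattern described in the post above (1 or 2 ssh failures per host, spread over many addresses) never trips a per-host threshold, but shows up when failures are grouped by /24. The following is an added example, not part of the original post: the log lines are constructed, the per-host limit of 3 comes from the post, and the /24 limit of 5 and all function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: (source IP, failed attempts); documentation ranges, not real data.
SAMPLE = [("203.0.113.5", 1), ("203.0.113.17", 2), ("203.0.113.44", 1),
          ("203.0.113.90", 2), ("203.0.113.131", 1),  # many hosts, 1-2 tries each
          ("198.51.100.23", 4), ("192.0.2.77", 1)]    # one noisy host, one stray

def build_log(sample):
    """Render the sample as OpenSSH-style auth log lines (constructed)."""
    lines = ["Aug  2 03:00:00 host sshd[999]: Accepted publickey for admin "
             "from 192.0.2.10 port 50000 ssh2"]
    n = 0
    for ip, count in sample:
        for _ in range(count):
            n += 1
            user = "root" if n % 2 else "invalid user test"
            lines.append(f"Aug  2 03:{n:02d}:00 host sshd[{1000 + n}]: "
                         f"Failed password for {user} from {ip} port {40000 + n} ssh2")
    return "\n".join(lines)

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
                    r"from (\d{1,3}(?:\.\d{1,3}){3}) port")

def failures_by_ip(log_text):
    """Count failed password attempts per source IPv4 address."""
    hits = (FAILED.search(line) for line in log_text.splitlines())
    return Counter(m.group(1) for m in hits if m)

def per_ip_bans(per_ip, limit=3):
    """Addresses a per-host threshold (3 fails, as in the post) would ban."""
    return sorted(ip for ip, n in per_ip.items() if n >= limit)

def slow_blocks(per_ip, per_ip_limit=3, block_limit=5):
    """{/24: (failures, hosts)} for blocks reaching block_limit with no host at per_ip_limit."""
    total, hosts, loud = Counter(), Counter(), set()
    for ip, n in per_ip.items():
        net = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        total[net] += n
        hosts[net] += 1
        if n >= per_ip_limit:
            loud.add(net)
    return {net: (total[net], hosts[net]) for net in total
            if total[net] >= block_limit and net not in loud}

if __name__ == "__main__":
    counts = failures_by_ip(build_log(SAMPLE))
    print("per-IP bans:", per_ip_bans(counts))
    print("slow /24s:", slow_blocks(counts))
```

On the constructed sample only the single noisy host is caught by the per-host rule, while the /24 view surfaces the block whose five hosts each stayed under it.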
Never seen that meaning of DMZ before. The NAT routers I've used have called that Port Forwarding and none have provided the option of mass forwarding ALL the ports to an internal IP.
--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
You need to see more home routers then as it's been standard on every D-Link, Netgear, TP-Link & Linksys home router I've ever seen.
DMZ is the extreme case of port forwarding. The difference being that whilst the item in the DMZ is on the LAN side, it is isolated from all the other LAN traffic.
On Sun, 2 Aug 2015 18:42:49 +0000 (UTC), Martin Gregorie declaimed the following:
Whereas all the routers I've owned (Linksys) have ALL had DMZ mode
""" Applications and Gaming - DMZ
The DMZ feature allows one network device to be exposed to the Internet for use of a special-purpose service, such as online gaming. The Router forwards all the ports at the same time to the DMZ device.
Note: After you have made your changes, click Save Settings to apply your changes.
DMZ
Enabled/Disabled
To expose one computer as the DMZ device, select Enabled. """
Whereas selective port forwarding only showed up on the newer routers.
""" Applications and Gaming - Single Port Forwarding
Single Port Forwarding allows you to customize port services for various applications. When users send these types of requests to your network via the Internet, the Router will forward those requests to the appropriate computers (also called servers).
Note: After you have made your changes, click Save Settings to apply your changes.
Single Port Forwarding
Application Name
Select the preset application, or enter the name of the custom application.
External Port
For a custom application, enter the external port number that accepts incoming traffic.
Internal Port
For a custom application, enter the internal port number that accepts traffic forwarded by the Router.
Protocol
For a custom application, select the protocol(s) used. """
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
Yes. The theory being if it gets hacked it doesn't expose the rest of the LAN.
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
someone else's pocket.