For a while now I'm seeing efforts to systematically scan all ports on the router using a large list of source IP addresses, somewhere in the 25,000+ per day range. Typically every IP address only scans a single port, likely to stay below the radar, though often they probe both TCP and UDP for said port.
On their own these individual probes look mostly harmless, but if you look at all the ports combined you're starting to see a very systematic, orchestrated effort.
Is anyone else seeing this? The data is submitted to DSHIELD, so perhaps someone could check if how wide-spread this is.
Jul 27th 2015
5 years ago