I downloaded the firewall log for the last 90-days from Technicolor CGM4140COM with its firewall configuration set to Typical Security for both IPv4 and IPv6, and noticed 26,054 to 64,233 attempts at a time for almost every 7 days (Mondays at 15:58:01) between June, 2019, to September, 2019 (at this posting.) Is there a way to find out what constitute the WANATTACK classification? Based on the number in a very short span of time it seems these are some sort of port scans (as there are 65,536 TCP ports) but it would be nice to confirm this.
I called Comcast and requested for a new MAC address to force a new IP address via Comcast DHCP but the router does not have the flexibility to configure it, so the solution is to change the hardware. I have a Cisco ASA 5506-X before the core home network so it is not a significant concern. If there is no way to dig deeper into these WANATTACK details then I would like to know if there is a way to remove ALL firewall function at the modem/router, including IDS, so that I can collect these details at the Cisco ASA firewall. Has anyone have tried this configuration? Thank you.
Bridge the modem and get the WAN issued to the ASA instead and then you'll have better logging and also the ability to shift from one port to another if you need to change the IP by moving the cable and changing a couple of statements in the ASA.