Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Some questions

  1. #1

    Question Some questions

    My firewall has been of late picking up lots of scans everytime if get on,mostly on port 80 and some for Sub7. This is strange because usually i wasn't getting any. Now i have a couple of questions

    1. Why is my firewall ZA being so active lately, is that all right.
    2. Usually the scan is on port 80. Should i be worried


    Also, from where can i get a list of ISPs and their addresses

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    I get lots of scans when I get on a P2P network... I consider it normal and non-worrysome, as long as they don't acturally get a connection to anything... Port 80 is HTTP, if you're a webserver. The client (your web browser) normally uses a different port. My fire wall is filled up with all sorts of stuff. Most of my refusals are Gnutella connections. I might write a program to sift through my log and make a text file with the other refusals in the future, so I woun't have to go through 1,000 gnutella related ones to find the 1 - 100 scripts...

    If you do a tracert (windows), or use the website http://visualroute.visualware.com 's scanner, you should beable to find the offending computer. It should tell you the ISP, and if you complain about it or something, telling the user, time, date, etc, something may be done about it. I haven't had experience with it, but others may have...

    -Tim_axe

  3. #3
    Member
    Join Date
    Aug 2001
    Posts
    69

    Arrow Re: Some questions

    Originally posted here by ihsir

    Also, from where can i get a list of ISPs and their addresses
    http://www.ripe.net
    Try, Fail but Do iT at last!
    ASA The ZeroTimeR
    The Turkish IT Documentation Project

  4. #4
    All the Certs! 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,230
    I use ARIN. (American Registry for Internet Numbers)

    http://www.arin.net/tools/whois_help.html

    It's usually pretty helpful.
    Above ground, vertical, and exchanging gasses.
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I'm betting that a lot of the port 80s are leftover Nimdia and/or Code Red type worms. I still have students that connect and blam! get infected even at this point. The fact that ZA is picking it up is good. That means its doing its job, by protecting your machine from others.

    You might want to go and find Sam Spade. This can do a reverse DNS on ip's and you can then send a copy of your ZA log to their abuse desk to deal with it.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6

    Re: Some questions

    Originally posted here by ihsir


    1. Why is my firewall ZA being so active lately, is that all right.
    2. Usually the scan is on port 80. Should i be worried


    Also, from where can i get a list of ISPs and their addresses

    http://www.microsoft.com/technet/mpsa/start.asp

    Try that


    http://www.microsoft.com/downloads/r...eleaseid=31154

    or that if (hfnetchk) you do not have Xp
    Its (microsoft security advisor)an informative security from microsoft that will actually
    give you advice on your security leaks

    Good luck

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Script Kiddies love port 80 also.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  8. #8
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    quote:
    Originally posted here by ihsir

    1. Why is my firewall ZA being so active lately, is that all right.
    2. Usually the scan is on port 80. Should i be worried

    Also, from where can i get a list of ISPs and their addresses
    -----------------------------------------------------------------------------------------------------------------------

    I would like to know why you want a list of ISPs and their address'.
    Are you speaking of their IP Range or their physical address?
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  9. #9
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    I think he might mean the isp's physical address. That way he can snail mail his logs. Either that or send em a bomb......
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  10. #10
    Senior Member
    Join Date
    Dec 2001
    Posts
    119
    Hahaha souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •