-
March 29th, 2002, 10:19 AM
#1
Member
Some questions
My firewall has been of late picking up lots of scans everytime if get on,mostly on port 80 and some for Sub7. This is strange because usually i wasn't getting any. Now i have a couple of questions
1. Why is my firewall ZA being so active lately, is that all right.
2. Usually the scan is on port 80. Should i be worried
Also, from where can i get a list of ISPs and their addresses
-
March 29th, 2002, 10:25 AM
#2
I get lots of scans when I get on a P2P network... I consider it normal and non-worrysome, as long as they don't acturally get a connection to anything... Port 80 is HTTP, if you're a webserver. The client (your web browser) normally uses a different port. My fire wall is filled up with all sorts of stuff. Most of my refusals are Gnutella connections. I might write a program to sift through my log and make a text file with the other refusals in the future, so I woun't have to go through 1,000 gnutella related ones to find the 1 - 100 scripts...
If you do a tracert (windows), or use the website http://visualroute.visualware.com 's scanner, you should beable to find the offending computer. It should tell you the ISP, and if you complain about it or something, telling the user, time, date, etc, something may be done about it. I haven't had experience with it, but others may have...
-Tim_axe
-
March 29th, 2002, 11:51 AM
#3
Member
-
March 29th, 2002, 01:42 PM
#4
I use ARIN. (American Registry for Internet Numbers)
http://www.arin.net/tools/whois_help.html
It's usually pretty helpful.
Above ground, vertical, and exchanging gasses.
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
-
March 29th, 2002, 01:56 PM
#5
I'm betting that a lot of the port 80s are leftover Nimdia and/or Code Red type worms. I still have students that connect and blam! get infected even at this point. The fact that ZA is picking it up is good. That means its doing its job, by protecting your machine from others.
You might want to go and find Sam Spade. This can do a reverse DNS on ip's and you can then send a copy of your ZA log to their abuse desk to deal with it.
-
March 29th, 2002, 02:23 PM
#6
Member
Re: Some questions
Originally posted here by ihsir
1. Why is my firewall ZA being so active lately, is that all right.
2. Usually the scan is on port 80. Should i be worried
Also, from where can i get a list of ISPs and their addresses
http://www.microsoft.com/technet/mpsa/start.asp
Try that
http://www.microsoft.com/downloads/r...eleaseid=31154
or that if (hfnetchk) you do not have Xp
Its (microsoft security advisor)an informative security from microsoft that will actually
give you advice on your security leaks
Good luck
-
March 29th, 2002, 02:32 PM
#7
Script Kiddies love port 80 also.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
March 29th, 2002, 02:37 PM
#8
quote:
Originally posted here by ihsir
1. Why is my firewall ZA being so active lately, is that all right.
2. Usually the scan is on port 80. Should i be worried
Also, from where can i get a list of ISPs and their addresses
-----------------------------------------------------------------------------------------------------------------------
I would like to know why you want a list of ISPs and their address'.
Are you speaking of their IP Range or their physical address?
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
-
March 29th, 2002, 03:18 PM
#9
I think he might mean the isp's physical address. That way he can snail mail his logs. Either that or send em a bomb......
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
March 29th, 2002, 05:35 PM
#10
Senior Member
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|