Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Somebody is scanning your computer.

  1. #1
    Join Date
    Jan 2003

    Somebody is scanning your computer.

    Hi,I have recently installed sygate firewall on my computer.Tonight it alerted me to the fact that someone was trying to run a port scan on my computer...and the severity was shown to be minor.....from the traffic log i found that the scanner has used the application C:\winnt\system 32\inetsrv\inetinfo.exe....Now what i want to know is is this breach something serious and is there anyway i can nail this guy...his I.p address is have tried to use the backscan option and then find his address but I am not able to...pls help...thx

  2. #2
    Senior Member
    Join Date
    Nov 2002
    people get port scanned everyday. i wouldnt worry about it. its probably some ******* just scanning ip adies for that easy open port.if your really worried about it.... and actually you should regardless get a proxy like JAP or multiproxy.
    Don\'t be a bitch! Use Slackware.

  3. #3
    Junior Member
    Join Date
    Aug 2001
    While it is possible to "nail" this guy (if he wasn't being smart about it) you probably don't want to bother. At most he'd get a slap on the wrist, if that. It would take tons of your own time to. Having someone scan you is no big deal at all if you have a firewall in place, which you do. If this is the first you've been scanned, which I doubt, you are in for tons of more scans. I wouldn't waste my time about time. Oh, and getting scanned isn't a breach. Essentially, it could be compared to someone looking at your house trying to decide what the easiest way in is. I wouldn't worry about it, though. Unless of course the same ip address keeps up repetative scans.


  4. #4
    Join Date
    Jan 2003
    an'what about this data that he accessed...is it anything to worry about..

  5. #5
    Senior Member
    Join Date
    Jan 2003
    actually i am pretty sure its legal to port scan ... its been debated here many times before but i think its legal .. so really .. scanning is doing nothing bad .. unless they actually got into your machine
    Just because you don\'t see it doesn\'t mean it\'s not there

  6. #6
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002

    Port scans are only legal if the target is aware and has agreed. At the moment its a discussion that in future any scanners found on computers might be illegal. In germany for example, if you portscan, the ISP might cut you off, and will send a notice to the target with your information. All this is still being discussed, nothing sure yet. Now to the point of this thread. Most portscans are not to be taken too seriously, but its always advisable to have a firewall running (set up correctly ofcourse) and make sure that you read the logs all the time. If you want to go further, contact your isp and supply them with a copy of your firewall logfiles. They can be used to determine who scanned you when, and from where. Not that it will bring anything big, but if your ISP is a professional buissnes they will take some actions. Whatever happens, dont try to do anything yourself, for it may bring you trouble.

    Hope this has helped a bit.

    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  7. #7
    Senior Member
    Join Date
    Nov 2002
    Not that it will bring anything big, but if your ISP is a professional buissnes they will take some actions
    I wouldn't be that optimistic with ISPs. If smth malicious is compromising a home PC or a very small company I don't think that ISP will take any action. The best example of that is the very good Gibson paper (http://grc.com/files/grcdos.pdf)

    an'what about this data that he accessed...is it anything to worry about..
    How do you know that someone accessed to your personnal data? Your firewall detected the port scan and should have blocked the traffic. So I think that your attacker didn't get the info he wanted.
    Do you have microsoft webserver/ftpserver running? It seems that's the attacker sends some traffic to this type of server (InetServ). You should remove the server unless you really need it!
    If your never had firewall before maybe are you virii infected. you should run an updated antivirii to check.
    Hope I could help!
    [shadow] SHARING KNOWLEDGE[/shadow]

  8. #8
    Senior Member
    Join Date
    Jan 2002
    the scanner has used the application C:\winnt\system 32\inetsrv\inetinfo.exe
    You mean the scanner has attacked the application inetinfo.exe ?

    Surely the only reason you'd be running inetinfo.exe is because you are running Microsoft IIS. If you did not intend to do so, remove it immediately!

    Given its dubious security history, I really recommend that you don't use it unless you know what you're doing.

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Did anyone bother to do a whois?
    Part of the details I found in a quick search..
    some details deleted:
    inetnum: -
    netname: BIT-IRC-1
    descr: BIT proxyscan PI space
    country: NL
    admin-c: SB825-RIPE
    tech-c: SB825-RIPE
    status: ASSIGNED PI
    remarks: In case of proxyscan activity, please refer to
    remarks: http://www.************/proxyscan.php
    remarks: email address: proxy-team@*********
    remarks: please do NOT mail any other @********* about it, as they
    remarks: are not involved
    mnt-by: BIT-MNT
    mnt-by: RIPE-NCC-HM-PI-MNT
    mnt-lower: RIPE-NCC-HM-PI-MNT
    mnt-routes: BIT-MNT
    notify: scancomplaints@bit.nl
    changed: scancomplaints@bit.nl 20020122
    source: RIPE

    descr: route object for
    origin: AS12859
    notify: scancomplaints@bit.nl
    mnt-by: BIT-MNT
    changed: scancomplaints@bit.nl 20020122
    source: RIPE

    person: -------------------------
    address: +++++++++++++++
    address: ++++++++++++++
    address: The Netherlands
    phone: ===============
    e-mail: scancomplaints@bit.nl
    nic-hdl: SB825-RIPE
    mnt-by: BIT-MNT
    changed: scancomplaints@bit.nl 20020122
    source: RIPE
    Listen to Slarty's advice.. I add "Disable ALL unused services and Servers"
    but it would be interesting if you had supplied a extract from your logs.. some could have given a bit better advice..
    You have good chance that a deliberate scan is happening when the common trojan ports are being scanned several times in a half hour.. but a single ping on one port?

    to get away from jhgrew's question:
    I regularly get complaints from customers/clients about these hackers probing their system.. Only to find after checking their logs, that it is "normal" traffic, a web site checking the link etc.. or better the IP add is that of bigandbusty.com or lickablechicks.com.. some firwall progs are a pain in the wrong hands..

    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #10
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    WinTasks Process Library

    inetinfo - inetinfo.exe - Process Information
    Process File: inetinfo or inetinfo.exe
    Process Name: IIS Admin Service Helper
    Description: InetInfo is Part of Microsoft Internet Infomation Services (IIS) and is used for debugging
    Common Errors: N/A
    System Process: Yes

    Source: http://www.liutilities.com/products/...rary/inetinfo/

    Its an IIS process. Turn off IIS or make sure you have all the latest patches updated on your system.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts