-
January 27th, 2003, 05:10 AM
#1
Member
Somebody is scanning your computer.
Hi, I have recently installed Sygate firewall on my computer. Tonight it alerted me to the fact that someone was trying to run a port scan on my computer... and the severity was shown to be minor... From the traffic log I found that the scanner has used the application C:\winnt\system 32\inetsrv\inetinfo.exe... Now what I want to know is: is this breach something serious, and is there any way I can nail this guy? His IP address is 193.109.122.5... I have tried to use the backscan option and then find his address but I am not able to... pls help... thx
-
January 27th, 2003, 05:16 AM
#2
People get port scanned every day. I wouldn't worry about it. It's probably some ******* just scanning IP addies for that easy open port. If you're really worried about it... and actually you should regardless, get a proxy like JAP or MultiProxy.
Don't be a bitch! Use Slackware.
-
January 27th, 2003, 05:18 AM
#3
Junior Member
While it is possible to "nail" this guy (if he wasn't being smart about it) you probably don't want to bother. At most he'd get a slap on the wrist, if that. It would take tons of your own time too. Having someone scan you is no big deal at all if you have a firewall in place, which you do. If this is the first time you've been scanned, which I doubt, you are in for tons of more scans. I wouldn't waste my time about time. Oh, and getting scanned isn't a breach. Essentially, it could be compared to someone looking at your house trying to decide what the easiest way in is. I wouldn't worry about it, though. Unless of course the same IP address keeps up repetitive scans.
Raven
-
January 27th, 2003, 05:25 AM
#4
Member
An' what about this data that he accessed... is it anything to worry about?
-
January 27th, 2003, 05:55 AM
#5
Senior Member
Actually I am pretty sure it's legal to port scan... it's been debated here many times before but I think it's legal... so really, scanning is doing nothing bad... unless they actually got into your machine.
Just because you don't see it doesn't mean it's not there
-
January 27th, 2003, 11:09 AM
#6
Hi...
Port scans are only legal if the target is aware and has agreed. At the moment it's a discussion that in future any scanners found on computers might be illegal. In Germany for example, if you portscan, the ISP might cut you off, and will send a notice to the target with your information. All this is still being discussed, nothing sure yet. Now to the point of this thread. Most portscans are not to be taken too seriously, but it's always advisable to have a firewall running (set up correctly of course) and make sure that you read the logs all the time. If you want to go further, contact your ISP and supply them with a copy of your firewall logfiles. They can be used to determine who scanned you, when, and from where. Not that it will bring anything big, but if your ISP is a professional business they will take some actions. Whatever happens, don't try to do anything yourself, for it may bring you trouble.
Hope this has helped a bit.
Cheers.
Ubuntu-: Means in African: "I'm too dumb to use Slackware"
-
January 27th, 2003, 11:57 AM
#7
Not that it will bring anything big, but if your ISP is a professional business they will take some actions
instronic,
I wouldn't be that optimistic with ISPs. If something malicious is compromising a home PC or a very small company I don't think that the ISP will take any action. The best example of that is the very good Gibson paper (http://grc.com/files/grcdos.pdf)
An' what about this data that he accessed... is it anything to worry about?
jhgrew,
How do you know that someone accessed your personal data? Your firewall detected the port scan and should have blocked the traffic. So I think that your attacker didn't get the info he wanted.
Do you have a Microsoft web server/FTP server running? It seems that the attacker sends some traffic to this type of server (InetServ). You should remove the server unless you really need it!
If you never had a firewall before, maybe you are virus infected. You should run an updated antivirus to check.
Hope I could help!
SHARING KNOWLEDGE
-
January 27th, 2003, 01:07 PM
#8
the scanner has used the application C:\winnt\system 32\inetsrv\inetinfo.exe
You mean the scanner has attacked the application inetinfo.exe?
Surely the only reason you'd be running inetinfo.exe is because you are running Microsoft IIS. If you did not intend to do so, remove it immediately!
Given its dubious security history, I really recommend that you don't use it unless you know what you're doing.
-
January 27th, 2003, 02:04 PM
#9
Did anyone bother to do a whois?
Part of the details I found in a quick search..
some details deleted:
inetnum: 193.109.122.0 - 193.109.122.255
netname: BIT-IRC-1
descr: BIT proxyscan PI space
country: NL
admin-c: SB825-RIPE
tech-c: SB825-RIPE
status: ASSIGNED PI
remarks: In case of proxyscan activity, please refer to
remarks: http://www.************/proxyscan.php
remarks: email address: proxy-team@*********
remarks: please do NOT mail any other @********* about it, as they
remarks: are not involved
mnt-by: BIT-MNT
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: BIT-MNT
notify: scancomplaints@bit.nl
changed: scancomplaints@bit.nl 20020122
source: RIPE
route: 193.109.122.0/24
descr: route object for 193.109.122.0/24
origin: AS12859
notify: scancomplaints@bit.nl
mnt-by: BIT-MNT
changed: scancomplaints@bit.nl 20020122
source: RIPE
person: -------------------------
address: +++++++++++++++
address: ++++++++++++++
address: The Netherlands
phone: ===============
e-mail: scancomplaints@bit.nl
nic-hdl: SB825-RIPE
mnt-by: BIT-MNT
changed: scancomplaints@bit.nl 20020122
source: RIPE
Listen to Slarty's advice.. I add "Disable ALL unused services and servers"
but it would be interesting if you had supplied an extract from your logs.. some could have given a bit better advice..
You have a good chance that a deliberate scan is happening when the common trojan ports are being scanned several times in a half hour.. but a single ping on one port?
To get away from jhgrew's question:
I regularly get complaints from customers/clients about these hackers probing their system.. only to find after checking their logs that it is "normal" traffic, a web site checking the link etc.. or better, the IP add is that of bigandbusty.com or lickablechicks.com.. some firewall progs are a pain in the wrong hands..
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
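An added example following post #9 above (not code from the thread or from any firewall vendor): a log triage that separates "common trojan ports scanned several times in a half hour" from a single probe on one port. The log format, the port list and the threshold of three hits are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed sample of ports historically associated with well-known trojans
# (NetBus 12345, SubSeven 27374, Back Orifice 31337); extend as needed.
TROJAN_PORTS = {12345, 27374, 31337}
WINDOW = timedelta(minutes=30)   # "in a half hour"
THRESHOLD = 3                    # assumed reading of "several times"

# Constructed log lines in a made-up format (not a real Sygate export).
SAMPLE_LOG = """\
2003-01-27 04:50:01 BLOCK TCP 192.0.2.10 -> 10.0.0.5:80
2003-01-27 05:01:12 BLOCK TCP 198.51.100.7 -> 10.0.0.5:12345
2003-01-27 05:09:40 BLOCK TCP 198.51.100.7 -> 10.0.0.5:27374
2003-01-27 05:20:03 BLOCK UDP 198.51.100.7 -> 10.0.0.5:31337
2003-01-27 05:30:00 BLOCK TCP 203.0.113.9 -> 10.0.0.5:12345
2003-01-27 06:45:00 BLOCK TCP 203.0.113.9 -> 10.0.0.5:12345
2003-01-27 08:10:00 BLOCK TCP 203.0.113.9 -> 10.0.0.5:27374
"""

def parse(line):
    """Return (timestamp, source_ip, dest_port) for one log line."""
    date, time, _action, _proto, src, _arrow, dst = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, src, int(dst.rsplit(":", 1)[1])

def classify(log_text):
    """Map each source IP to 'deliberate scan' or 'isolated probe'.

    Lines are expected in chronological order, as a firewall writes them.
    """
    recent = defaultdict(deque)      # src -> trojan-port hit times in window
    verdict = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, src, port = parse(line)
        verdict.setdefault(src, "isolated probe")
        if port not in TROJAN_PORTS:
            continue
        hits = recent[src]
        hits.append(ts)
        while ts - hits[0] > WINDOW:     # drop hits older than 30 minutes
            hits.popleft()
        if len(hits) >= THRESHOLD:
            verdict[src] = "deliberate scan"
    return verdict

if __name__ == "__main__":
    for src, label in classify(SAMPLE_LOG).items():
        print(f"{src:15} {label}")
```

The third source hits trojan ports three times as well, but hours apart, so the sliding window never fills and it stays an isolated probe.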
January 27th, 2003, 05:54 PM
#10
WinTasks Process Library
inetinfo - inetinfo.exe - Process Information
Process File: inetinfo or inetinfo.exe
Process Name: IIS Admin Service Helper
Description: InetInfo is part of Microsoft Internet Information Services (IIS) and is used for debugging
Common Errors: N/A
System Process: Yes
Source: http://www.liutilities.com/products/...rary/inetinfo/
It's an IIS process. Turn off IIS or make sure you have all the latest patches updated on your system.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)