-
March 10th, 2003, 11:33 PM
#1
Banned
my ports keeps on getting scanned
I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
How can i do this? thay are resenably strong attacks.
-
March 10th, 2003, 11:37 PM
#2
What type of scan are they doing?
Go to the following website and do a whois search on their IP Address:
http://www.alertsite.com
It will tell you who owns the IP range, and will possibly give you a contact number for a techo who you can make a complaint to.
Good Luck..
SoggyBottom.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
-
March 10th, 2003, 11:39 PM
#3
You can find out who by getting the IP address from your firewall (You do have a firewall right?!) and plopping the address into Sam Spade. That'll tell you where and who to contact.
I wouldn't recommend going after them as it puts you in a position of potentially breaking the law. Contact their ISP (usually it's abuse@isp.com -- whatever their isp.com is) and file a complaint. Don't be surprised if you are actually being annoyed by a code red, code red II or the latest MS worm/scanner, Deloder. It's not a direct attack but rather the work of left over worms and slow admins.
-
March 10th, 2003, 11:42 PM
#4
why dont you scan his
he wi'll probably stop sacnning
lol
-
March 11th, 2003, 12:18 AM
#5
I tried that idea once, it just ended up in more people joining him to scan me more....
-
March 11th, 2003, 12:49 AM
#6
I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
Read my tutorial here http://www.antionline.com/showthread...hreadid=236583
Are you completely sure it's a scan? I assume you are using Windows. I also assume you are using something like Zonealarm.
I thirdly assume you're running P2P software, Antivirus updates, Adware and a variety of other horrible promiscuous things.
As I said before in my tutorial, turn it *all* off, close *all* applications that could possibly want to use the network connection. If you're still getting "scanned", then your fears might even be real.
All these P2P evil things are a nightmare for IDS, they create loads of connections on every conceivable port number.
On no account should you "scan back" at the thing which is scanning you. Firstly, there probably isn't a human there to notice, secondly, if there is, they could take worse action against you (If it's your ISP they might decide to close your account)
-
March 11th, 2003, 01:06 AM
#7
could also be that u are on a lan, because many times when people play online games, the games scan for ports, and so fourth, for connections and ping time ****. those are mostly harmless though. i do suggest that u read some tutorials if u are not familliar with this subject. That guys tutorial is good.
-
March 11th, 2003, 01:42 AM
#8
I have found that I've never been scanned by the same IP twice once I've opened two times ten to the seventyth embryonic tcp connections with their host.
Just kidding.......
Kind of
-
March 12th, 2003, 11:19 PM
#9
Banned
Thanks guys, yes slarty we are curently running windows XP and do have a fire wall and running Zonealarm. (thay keep on hitting us and id like to find out where it is comming from)
I wouldnt wast my time scanning his. not worth the hassl.
-
March 13th, 2003, 01:22 AM
#10
Member
I am no expert but I too was being scanned all the time and decided to take action like you. I was running ZA as well. What ports are being scanned? www.grc.com is a very helpful site. I was getting hit on 137 (15,000 some times) and it shows you how to disable NetBios and the like, since then I haven't been scanned once!
Hope that helps
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|