April 26th, 2004, 09:14 PM
Port Scan Minor Incoming TCP 0.9.7.1 00-D0-BA-DA-76-01
Port Scan Minor Incoming TCP 188.8.131.52 00-D0-BA-DA-76-01
Port Scan Minor Incoming TCP 184.108.40.206 00-D0-BA-DA-76-01
Port Scan Minor Incoming TCP 220.127.116.11 00-D0-BA-DA-76-01
Port Scan Minor Incoming TCP 0.0.0.0 00-D0-BA-DA-76-01
Above are some IPs that are trying every minute to scan my ports as:
port 1025, 445, 3410 and port 6129
Please and need a help from you guys on how to deal with the above ips and others that i did not past them here.
I once laid a complaints on port scanning and really i got some assistance from this group, i still believe you will assist again... I dont want to be scanned again.
What measure will i take to get ride, report or block this activity?
What are the probably caurse of port scanning?
Thank You all and God bless us all.
April 26th, 2004, 10:00 PM
First off, giving your IP out like ya just did isn't smart you shoulda masked it. Anyways, what OS are you running and do you have a firewall installed? If so, what are the settings?
April 26th, 2004, 10:17 PM
Good day usmany,
It appears you have a firewall in place which is either dropping the packets or blocking them. The IP addresses you provided are European and you may be able to find out who they belong to by entering them in the following link:
For others, the free program called Sam Spade works pretty well and you can inquire about IP's by entering them in the address block and pressing the "whois" radio button. You can download that program at:
Responses from both locations will usually have an abuse point of contact with an email address.
This works frequently, however some IPs may be spoofed and so locating the offender may be difficult to near impossible. But contacting the abuse point of contact may alert them to the reality that their computers are being used unlawfully
Continue to keep your firewall updated and have programs that detect and rid your computer of malware. Two programs that do a pretty good job of that are Adaware and Spybot S & D.
If you haven't already installed an Anti-Virus program, you should have that as well.
All of these programs need to be kept updated frequently. There is not promise that this will make you completely safe on the Internet, however, it will definitely bring you closer to that goal.
You mention some speific ports they were scanning. You need to close all non-vital ports or stop all non-vital services. They're several web sites you can visit which will scan your computer to see which ports you may have open. The following site is one such:
Two other programs of great value for keeping your computer clean are: CWShreader and Hyjackthis. You can use www.google.com to locate them. You will need to read up on them prior to using them because you could accidently delete some critical registry entrees by mistake.
If I can be of further assistance, please let me know.
Edit: another site for a security scan of your computer is: http://scan.sygate.com/
April 26th, 2004, 10:22 PM
Are not my ips, they are the ips my firewall catched trying to scan my network and mac address... There is no way i will display my ip like that..
There is something wrong about those ips and mac address if you can fish out please and tell me what you suspect, commend and recommendation on what action to take.
April 26th, 2004, 10:37 PM
Relyt, thank you very much on that information and i know you really asisted me much on that... I tarced back all the ips and i found same root you got and also found the abuse mail address which i did sent them mail and got an automated response.. I will wait and see if any reasonable and concern pers from any of the ips will response reasonably if not then I will look for another means of making them be aware of what is happening.
On issue of the ports, i will also do something on closing the ports and know what the ports are for...
I do have anti-virus that is always updating itself which I bought from mwti.net (micro world Inc.) I also have avg from grisoft.com and mcafee installed on my office system runing winme... fireware i am using is a software (sygate) and I also config mcafee firewall on some of the systems running it...
I will visit some of the site you gave me to download the other softwares and try.
April 27th, 2004, 08:36 AM
Good morning guys, hope we all had a wonderful night and day?
Mr. Relyt, i downloaded spybot software, installed and runed, is cool software and i do like it and its fuctions... I recommend to all users of antionline to try it too if they can.
All thanks goes to antionline discussion group for all asistance we give/render to one another. Also to members of Antionline.
April 27th, 2004, 09:52 AM
Whatever software you're using is reporting "port scan" for something which is not doing a port scan.
Nearly all intrusion attempts since about 2001 have been from Windows worms. The owners of the machines are not (directly) responsible for their actions; most are entirely unaware of it.
You should configure your IDS to ignore common worms intrusions, because they are so common and it is so pointless to report them.
Personally I wouldn't even bother logging a connection attempt to a closed port 80, as it's created by so many worms, spiders, bots and anything else. Every IP on the internet gets many connection attempts per day.
April 27th, 2004, 11:58 AM
Actually it looks like the IPs may be spoofed, since differing IPs have the same MAC address.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
April 27th, 2004, 12:53 PM
steve.milner "Actually it looks like the IPs may be spoofed, since differing IPs have the same MAC address".
I think you are right since MAC Add are same.
April 27th, 2004, 01:09 PM
Ahem..... The MAC address in the packets reported is the MAC address of the last device the packet passed through, (probably a router), so it isn't an indicator of address spoofing.
However the 0.0.0.0 and 18.104.22.168 are pretty good indicators of spoofing. The first is a broadcast and it couldn't be replied to across the public network and the other is one hell of a coincidence.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides