May 10th, 2004, 12:11 AM
Constantly scanning my computer
Somebody is scanning my computer all of the time. Basically, every time that I'm online. My firewall, Sygate 5.5, allows me to trace back to identify who it is. The person in question uses the same ISP as me and I have their email address. Basically, I tried scanning them back using GFI Languard but their system is secured so can't piss them off back. What annoys me is that my firewall is constantly flashing red, which is really pissing me off. I don't want to report them to the ISP, I would much rather get my own back. I am a newbie to security/hacking concepts and have tried to secure my machine as much as possible and yes, I have a few scanning tools. Can somebody suggest a tool or tools or methods I can use to get my own back on this **** who is making me paranoid!
May 10th, 2004, 12:16 AM
Interestingly enough, my ISP does exactly the same thing to me every time I log on. I don't know exactly how it works but, the ISP knows I'm on, however I have a packet dropping firewall and there is no indication that a live node is on the other end. It is part of their software to acknowledge an IP is being utilized.
So in your case, I would contact them first before I decided to take some action. Also remember that although you may be getting scanned, it may not be alright for you to scan back.
edit: Additionally, most of us get scanned frequently when we are online. Sounds like your firewall is doing its job of blocking or dropping. There are a myriad of scanning tools out there also. www.google.com
Here's a quote from Slarty, one of our Senior Members, and it's appropriate here as well:
Nearly all intrusion attempts since about 2001 have been from Windows worms. The owners of the machines are not (directly) responsible for their actions; most are entirely unaware of it. You should configure your IDS to ignore common worm intrusions, because they are so common and it is so pointless to report them.
May 10th, 2004, 12:26 AM
There are quite a few reasons why you should report to the ISP and not try to hack back. If you do a quick search of the forums you will see this has come up a few times before. But I'll give you some advice anyway.
Don't ask for advice on hacking here, you will get flamed to death. This community is about security. Did you read the FAQ?
Also, the computer that you are getting scanned from may be a zombie and the person who owns it may be unaware he is scanning you.
From what I have read, most ordinary users that get hacked do so because they have pissed someone off on IRC or a gaming site. As you are new to this, do you really want to piss someone off who may be able to do some real damage to your box?
Just a quick email to abuse@isp should be all you need to do. Just enclose your firewall log.
May 10th, 2004, 12:30 AM
Or maybe it's just your ISP scanning to see if your IP is available?..just a thought
May 10th, 2004, 12:31 AM
To add to Relyt's post:
10 ) Don't fight back (until you are the biggest baddest Muther F"*@er there is)
20 ) report the abuse to your ISP.
30 ) Check the F/W settings so that an alarm is NOT generated for this attack.
40 ) Again in the F/W, put that address into your blocked list.
50 ) Make a note of the address for when you ARE ( goto 10)
May 10th, 2004, 12:53 AM
Foxy and the other members are right:
You do not know if it is a deliberate attack from that source?
Like the IP addy is 220.127.116.119 EVERY time, or do the characters change?
You may have someone with an infected machine on your subnet?..........they may not know about it...........talk to your ISP mate.
May 10th, 2004, 02:52 AM
Just to illustrate what groovicus said, MY ISP keeps scanning me every time I'm online, so do check who you are trying to mess with beforehand....
May 10th, 2004, 04:21 AM
mungkey, I had the same problem not so long ago. Check out this thread and it may answer some questions for you http://www.antionline.com/showthread...hreadid=255793
However, the problem that I had was when I did attach my firewall logs, my ISP misread them and instead forwarded the report my way. This angered me, however it was probably an autoparser or something, so make sure they know that you are the victim! And more than likely, as the others have said, it's someone attacking you that isn't aware of what they are doing. Some of the steps I took to reduce the traffic I saw were blocking their IPs with Sygate's advanced rules, then blocking their MAC address on top of that. And finally I got a hardware router. Haven't heard from them since.
If you're unsure how to block an IP address in Sygate, go to tools, advanced rules, then you can add a rule and specify it however you like. I'd suggest going straight for their MAC address as IPs can be changed more easily. Hope this helps!
May 10th, 2004, 09:09 AM
Thanks. I feel a lot less paranoid now.
I've reported the problem to my ISP and have added the MAC address to my advanced rules.
May 10th, 2004, 02:29 PM
Please be aware that "scanning" a host isn't considered an attack, except when the scan is slowing down your connection or causing other performance problems. Sending 1 probe per minute, for example, can't be considered an attack even on a 33k connection. Just talking about ONE scan. Repetitive scans are considered annoying and must be reported.
On the other hand, there are some ISPs that scan users' computers to see if there are any "forbidden" services (services that your contract prohibited; as an example, some ISPs avoid HTTP servers on home connections). Consider this before blocking ISP packets.
This kind of ISP scan is really dumb. ISPs with more technology just scan packets at random to see if you are doing some illegal activities (illegal - against your agreement).
You can see this as a privacy problem, but they really do that....