Portscan detection

  1. #1
    Senior Member IcSilk's Avatar
    Join Date
    Aug 2001

    Portscan detection

    I have recently noticed permitted portscans listed in my firewall's intrusions log file.

    The only options about portscans that my firewall provides (Kerio personal) is whether to log them or not.

    The scans have come from 2 different web hosting companies (both located in the same city) and I am sure they are partner companies or at the least affiliates of one another.

    The IP of the most common scanner of my ports is from a website that I assume is hosted through one of these companies. I know which site it is and I have no clue why they are scanning me.

    I have emailed both the above companies asking why the scans are being held, if they are customary (I am sure they are not) and what their intentions are - still yet to hear a response from either.
    Also, I have scanned my own ports using localhost ( and found my open and vulnerable ports. I run on Windows XP and I haven't been able to sort out getting the ports closed (I could definitely use some advice here) and would like to avoid deleting them if possible, to avoid more intrusions.

    So I ask - what else can I do to combat this and how do I know if there is really a 'fiddler' in my system?
    A bit of a worry is if someone happens to install a keylogger on my system - how would I know, where would one go if it was there and how do I eradicate it?

    Any advice and/or comments to help me improve my knowledge of this experience are greatly appreciated.


  2. #2
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    St. Petersburg, FL
    2 things...

    1st...If you are using Kerio.... The loopback is a trusted network.... You'll have to scan externally to get the correct results....

    2nd... Kerio is blocking the portscans, as long as you didn't do anything stupid like allow all or set the internet as a trusted network. You're fine.

    Read through some of the tutorials here, specifically... anything related to firewalls.

    Have fun.
    Real security doesn't come with an installer.

  3. #3
    As for the keylogger, I would check all the possibilities of automatic startup. This means:

    Look at msconfig for something unusual, look at the services for something unusual, and look at the registry: search for runonce, and check all the run "folders" / keys that are right before it. If they don't include something strange, then I doubt that you would have a keylogger. Of course nothing is for sure, since they could use some kind of root kit to avoid being detected, but most times the above actions would be sufficient.

    B.t.w. also don't forget your own start up folder, when you go to Start, Programs, Start Up. This also can contain any keylogger if it were there...

    If you see anything strange, search for the executable that is run and see if it is supposed to be there. If you can't figure it out, post it here (the name of the executable) and perhaps we can help..

    But like d0ppl3g4ng3r already said, if you configured your firewall correctly, I doubt you've got anything to worry about...
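
The autostart check described in post #3, as an added example that is not part of the original thread: a read-only PowerShell listing of the Run/RunOnce keys, the Startup folders and the auto-start services. It assumes PowerShell 3.0 or later; the `Test-UsualLocation` helper and the `Review` column are hypothetical names for a triage heuristic that is an assumption of this example, not a verdict.

```powershell
# Added example: enumerate the autostart locations named in post #3.
# Read-only; nothing on the system is changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
    }
})

# Per-user and all-users Startup folders (Start > Programs > Startup).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Force | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Services configured to start automatically.
$entries += @(Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'" |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Service (auto)'; Name = $_.Name; Command = $_.PathName }
    })

# Assumed heuristic: flag commands that do not start under the Windows or
# Program Files directories so they get looked at first.
$usualRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
function Test-UsualLocation([string]$Command) {
    $path = $Command.TrimStart('"', ' ')
    foreach ($root in $usualRoots) {
        if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$entries | Sort-Object Source, Name |
    Select-Object Source, Name, Command, @{ n = 'Review'; e = { -not (Test-UsualLocation $_.Command) } } |
    Format-Table -AutoSize -Wrap
```

A `Review` value of `True` only marks an entry to look up by executable name; an entry under a usual directory is not thereby shown to be legitimate.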

  4. #4
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Huson Mt.
    The only options about portscans that my firewall provides (Kerio personal) is whether to log them or not.
    Please note the attachment. It is a screen shot of the configuration page that allows you to deny minor little port scans.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown
