February 13th, 2006, 04:41 AM
portscan? what is it?
I was surfing the Net tonight and my Norton firewall came up with a message saying that an intruder had been stopped trying to get into my computer. Now, I'm kind of new with this security stuff. Norton told me that the attack was a "portscan". So what I need to know is exactly what is a portscan, and how much of a threat is it? I ran the IP address from the offending computer on this site, and it came back to somewhere in France. It didn't give an ISP or anything like that. The trace didn't get more specific than the country. So, do I have anything to worry about here?
February 13th, 2006, 04:50 AM
Probably not, as long as your firewall is doing its job. A port scanner is a program that scans computer networks for hosts (computers) with open ports. Basically, it does this by trying to make connections with your computer's ports. If your firewall is set to block these connection attempts you should be ok. If your firewall is properly configured, and you aren't running any services (and allowing incoming connections), the scanner will probably never know that you are there. I wouldn't worry about it unless you keep getting scans from the same IP.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
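Added example (not part of any post in this thread): one common heuristic for a "portscan" alert is a single source trying many different ports in a short time, and the reply above suggests worrying only if the same IP keeps coming back. The sketch applies both checks to a constructed log; the log format, the 4-port threshold and the 60-second gap are assumptions, not Norton's actual rules.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log, hypothetical format "date time action src-IP dst-port", documentation IPs.
SAMPLE_LOG = """\
2006-02-13 04:30:01 BLOCK 203.0.113.7 21
2006-02-13 04:30:01 BLOCK 203.0.113.7 23
2006-02-13 04:30:02 BLOCK 203.0.113.7 139
2006-02-13 04:30:02 BLOCK 203.0.113.7 445
2006-02-13 04:31:10 BLOCK 198.51.100.20 445
2006-02-13 09:12:44 BLOCK 198.51.100.20 445
2006-02-14 04:29:58 BLOCK 203.0.113.7 21
2006-02-14 04:29:58 BLOCK 203.0.113.7 23
2006-02-14 04:29:59 BLOCK 203.0.113.7 139
2006-02-14 04:29:59 BLOCK 203.0.113.7 445
"""

def parse_log(text):
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "BLOCK":
            continue  # skip malformed lines and anything the firewall did not block
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        events.append((ts, parts[3], int(parts[4])))
    return events

def find_scans(events, min_ports=4, gap=timedelta(seconds=60)):
    """Group each source's blocked hits into bursts; a burst on min_ports+ ports is a scan."""
    by_src = defaultdict(list)
    for ts, src, port in sorted(events):
        by_src[src].append((ts, port))
    scans = {}
    for src, hits in by_src.items():
        bursts = [[hits[0]]]
        for hit in hits[1:]:
            if hit[0] - bursts[-1][-1][0] > gap:  # a quiet period ends the burst
                bursts.append([])
            bursts[-1].append(hit)
        found = [(b[0][0], sorted({p for _, p in b})) for b in bursts
                 if len({p for _, p in b}) >= min_ports]
        if found:
            scans[src] = found
    return scans

def repeat_scanners(scans):
    return sorted(src for src, found in scans.items() if len(found) > 1)

if __name__ == "__main__":
    print(repeat_scanners(find_scans(parse_log(SAMPLE_LOG))))
```

In the sample, 198.51.100.20 hits one port twice hours apart and is not flagged, while 203.0.113.7 sweeps four ports on two consecutive days and is reported as a repeat scanner.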
February 13th, 2006, 08:34 AM
Well, probably someone in your local network is interested in your open ports, services, etc. They could find any potential vulnerability. I suggest consulting Google on how to close open ports. It includes process disabling and registry browsing.
The access to the computer or
anything else that shows us how the
world works must be total and
February 13th, 2006, 09:51 AM
Well, somefilename, he's running a firewall (it's what told him about the "attempt" in the first place...), so chances are if there are any network-accessible ports, chances are he wants them open, as most firewalls will block any ports and applications unless explicitly allowed.
February 13th, 2006, 06:52 PM
Thanx for the info. I googled the IP address, and it seems like other ppl have gotten pinged by it too, w/ no harmful effects. Another question for you experts out there, why would a random computer from another country be looking for open ports on my laptop?
February 13th, 2006, 07:19 PM
It's not the random computer looking for open ports - it's the random person sitting behind the random computer that's looking for them!
There must be millions of people who download [easily available] port scanners and just start scanning away at IP ranges - but only, probably hundreds, who know what to do when they find an open port!
Don't worry about it, as long as your firewall is doing its job - which it is - you are pretty safe!
February 13th, 2006, 07:24 PM
I seriously doubt that you were targeted specifically... Some people just scan until they find the weakness that their prewritten exploits will take advantage of... these people are generally called script kiddies...
Originally posted by Xenoborg2001:
why would a random computer from another country be looking for open ports on my laptop?
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
February 13th, 2006, 08:16 PM
Here is a thread on the same topic as yours. Have a look
"The Smilie Wars" ... just arrived after the great crusades
.... computers come to the rescue .... ah technology at last has some use.
February 21st, 2006, 12:59 AM
Reconnaissance is the first thing that an attacker will do to find a juicy target. Port scans (aka port knocking) are only one form of recon (war-dialing is another example) and they serve the purpose of revealing what services the target host has wide open.
Once an attacker finds open ports such as NetBios or FTP they will do some research about the open ports to see if any vulnerabilities exist and if so, will come back later with the right tool to compromise your system.
In a lot of cases the attacks are spoofed, meaning, the attacker has either compromised another system and is attacking you from there or else they are using phoney source IP addresses to cause a condition whereby your system becomes completely "owned" by them and they can re-visit anytime and your system will be the next porn mirror or point of attack.
February 21st, 2006, 02:40 AM
Ummm no... the idea that some "script-kiddie" is going to use nmap and then push the results to exploit.exe just doesn't happen. And I blame those classes or 101 portions of cons for telling people otherwise. The idea is that you have bots to take the work-load and not the other way around.
There must be millions of people who download [easily available] port scanners and just start scanning away at IP ranges