Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: portscan? what is it?

  1. #1
    Junior Member
    Join Date
    Jun 2002

    Question portscan? what is it?

    I was surfing the Net tonight and my Norton firewall came up with a message saying that an intruder had been stopped trying to get into my computer. Now, I'm kind of new with this security stuff. Norton told me that the attack was a "portscan". So what I need to know is exactly what is a portscan, and how much of a threat is it? I ran the IP address from the offending computer on this site, and it came back to somewhere in France. It didn't give an ISP or anything like that. The trace didn't get more specific than the country. So, do I have anything to worry about here?

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Probably not, as long as your firewall is doing its job. A port scanner is a program that scans computer networks for hosts (computers) with open ports. Basically, it does this by trying to make connections with your computers ports. If your firewall is set to block these connection attempts you should be ok. If your firewall is properly configured, and you aren't running any services (and allowing incoming connections), the scanner will probably never know that you are there. I wouldn't worry about it unless you keep getting scans from the same ip.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  3. #3
    Well, probably someone in your local network is interested in your open ports, services, etc. They could find any potential vulnerability. I suggest consultin Google on how to close open ports. It includes process diabling and registry browsing.
    The access to the computer or
    anything else that shows us how the
    world works must be total and

  4. #4
    well somefilename. he's running a firewall (its what told him about the "attempt" in the first place...) so chances are if there are any network accessable ports, chances are he wants them open, as most firewalls will block any ports and applications unless explicitly allowed.

  5. #5
    Junior Member
    Join Date
    Jun 2002
    Thanx for the info. I googled the IP address, and it seems like other ppl have gotten pinged by it too, w/ no harmful effects. Another question for you experts out there, why would a random computer from another country be looking for open ports on my laptop?

  6. #6
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Button Moon
    Its not the random computer looking for open ports - its the random person sitting behind the random computer thats looking for them!

    There must be millions of people who download [easily available] port scanners and just start scanning away at IP ranges - but only, probably hundereds, who know what to do when they find an open port!

    Dont worry about it, as long as your firewall is doing its job - which it is - you are pretty safe!
    Drugs have taught an entire generation of kids the metric system.


  7. #7
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    SW MO
    Originally posted by Xenoborg2001:

    why would a random computer from another country be looking for open ports on my laptop?
    I seriously doubt that you were targeted specifically... Some people just scan until they find the weakness that their prewritten exploits will take advantage of... these people are generally called script kiddies...
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"


  8. #8
    Senior Member
    Join Date
    Feb 2005
    Here is a thread on the same topic as yours. Have a look

    \"The Smilie Wars\" ... just arrived after the great crusades

    .... computers come to the rescue .... ah technology at last has some use.

  9. #9
    Member aciscorouter's Avatar
    Join Date
    Mar 2002
    Brampton, ON, Canada
    Reconnaissance is the first thing that an attacker will do to find a juicey target. Port scans (aka port knocking) is only one form of recon (war-dialing is another example) and it serves the purpose of revealing what services the target host has wide open.

    Once an attacker finds open ports such as NetBios or FTP they will do some research about the open ports to see if any vulnerabilities exist and if so, will come back later with the right tool to compromise your system.

    In a lot of cases the attacks are spoofed, meaning, the attacker has either compromised another system and is attacking you from there or else they are using phoney source IP addresses to cause a condition whereby your system becomes completely "owned" by them and they can re-visit anytime and your system will be the next porn mirror or point of attack.

    "I used up all my sick days, so Iím calling in dead."

  10. #10
    Join Date
    Feb 2006
    There must be millions of people who download [easily available] port scanners and just start scanning away at IP ranges
    Ummm no... the idea that some "script-kiddie" is going to use nmap and then push the results to exploit.exe just doesn't happen. And I blame those classes or 101 portions of cons for telling people otherwise. The idea is that you have bots to take the work-load and not the other way around.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts