Printable View
Me and a few of my friends very regularly battle it out via the internet using NMAP and all sorts of other stuff. We have never had any probs with our ISP's though.
I dont think they care unless they receive a lot of complaints on a regular basis about you!
My ISP only cares if someone complains enough... But anyone with half a mind scans on a different PC than their own if they plan on attacking... Proxies don't work either, because they show up as proxies, public computers get used the most for this type of thing.
that must be on effective worm to be able to go thorugh all thoes ports or a realy infected system. Both could be possable but it seems like a kiddy looking for machines to be exploited by his programs. Like it was said nmap isn't ilegal but a scan can be consitered an warning for a attack. Rule of thumb: "if it would make you suspisious don't do it to them".
not really... Sasser opens up quite a few ports on a computer I am quite sure... Even a skiddie wouldn't scan the same target over and over again... Unless they are really really stupid...
As a rule of thumb: "If a port scan makes you suspicious, you are too damn paranoid"
Actually worms will only scan a small number of ports... what you wanna scan is an IP range pluse a small number of ports that usually associate with the services which it'll use. Usually it'll run a buffer overflow exploit or take advantage of trojans that have been dropped by previous worms. Im sure there are still some idiotic scumbags out there that are still infected with welchia, agobot, doomjuice, & (ect). I'd like to send these peaple to camps and have them exterminated in giant gas chambers disguised as showers.Quote:
Originally posted here by ack!_GRUB!
that must be on effective worm to be able to go thorugh all thoes ports or a realy infected system. Both could be possable but it seems like a kiddy looking for machines to be exploited by his programs.
But why always just assume the "OMG how dare this guy" approach of things? Esspecially when automated attacks have consistantly been on the rise for the past 6 to 5 years or so.
To funny and a retard usually is just that.
First consider what you and so called friends are engaged in you topic LOL are these per chance your very activites.
Ports:
139 - Usually associated with the Bagel virus you or a fried have it and are looking for other systems. Or have placed it on another system.
6129- They these so called friends are looking to see if some sort of remote Admin is there.
139- This is about file sharing that relates to port 445 Server message or netbios looking for stuff to open to 139.
3127- Again most likely Mydoom that relates to the above.
1025- RPC ( Remte Call Procedure Call).
You want to know whay you have this stuff look to your own actions check any process running play with this tool online with on-line friends do not complain here. Try a goolgle search on your port numbers. You did not mention any software your are running.
Smiles crap stinks and a few here do also and I wish them luck it is rare I respond to nonsense, just make my living in the real world while real kids want to break Windows like that takes any knowledge.
Peace
Using nmap is like using any other tool, it's not illegal until you use it to break the law.
--PuRe
Its just a zombie infected with phatbot , do a whois and send an abuse complaint to the isp and if you are lucky they will tell them to clean up their computer , i see this all the time.....Quote:
Originally posted here by Cpt. Commander
Just so you know, some of the ports being scanned is, 2745, 6129, 139, 80, 445, 3127, 1025. Oh, by the way, his scanning has picked up again. He had stopped for a while, but it started again at 10:30 and lasted till 10:40. Then he stopped until 11:23 and did it once. But now he has stopped again. *shrug* I am wondering if maybe the person has a virus and doesn't know about it? Any opinions?
edit http://www.us-cert.gov/current/current_activity.html --2/3 of the way down the page
Yeah. I did that yesterday. Thanks Lumpy.