Printable View
My firewall has been of late picking up lots of scans everytime if get on,mostly on port 80 and some for Sub7. This is strange because usually i wasn't getting any. Now i have a couple of questions
1. Why is my firewall ZA being so active lately, is that all right.
2. Usually the scan is on port 80. Should i be worried
Also, from where can i get a list of ISPs and their addresses
I get lots of scans when I get on a P2P network... I consider it normal and non-worrysome, as long as they don't acturally get a connection to anything... Port 80 is HTTP, if you're a webserver. The client (your web browser) normally uses a different port. My fire wall is filled up with all sorts of stuff. Most of my refusals are Gnutella connections. I might write a program to sift through my log and make a text file with the other refusals in the future, so I woun't have to go through 1,000 gnutella related ones to find the 1 - 100 scripts...
If you do a tracert (windows), or use the website http://visualroute.visualware.com 's scanner, you should beable to find the offending computer. It should tell you the ISP, and if you complain about it or something, telling the user, time, date, etc, something may be done about it. I haven't had experience with it, but others may have...
-Tim_axe
http://www.ripe.netQuote:
:hiphop: :smokes:
I use ARIN. (American Registry for Internet Numbers)
http://www.arin.net/tools/whois_help.html
It's usually pretty helpful.
I'm betting that a lot of the port 80s are leftover Nimdia and/or Code Red type worms. I still have students that connect and blam! get infected even at this point. The fact that ZA is picking it up is good. That means its doing its job, by protecting your machine from others.
You might want to go and find Sam Spade. This can do a reverse DNS on ip's and you can then send a copy of your ZA log to their abuse desk to deal with it.
Quote:
Originally posted here by ihsir
1. Why is my firewall ZA being so active lately, is that all right.
2. Usually the scan is on port 80. Should i be worried
Also, from where can i get a list of ISPs and their addresses
http://www.microsoft.com/technet/mpsa/start.asp
Try that
http://www.microsoft.com/downloads/r...eleaseid=31154
or that if (hfnetchk) you do not have Xp
Its (microsoft security advisor)an informative security from microsoft that will actually
give you advice on your security leaks
Good luck
Script Kiddies love port 80 also.
quote:
Originally posted here by ihsir
1. Why is my firewall ZA being so active lately, is that all right.
2. Usually the scan is on port 80. Should i be worried
Also, from where can i get a list of ISPs and their addresses
-----------------------------------------------------------------------------------------------------------------------
I would like to know why you want a list of ISPs and their address'.
Are you speaking of their IP Range or their physical address?
I think he might mean the isp's physical address. That way he can snail mail his logs. Either that or send em a bomb......
Hahaha souleman