Hi All,
I often get a message on my home PC.
An alert message appears saying something about 'Port Scan' attack.
What exactly is this?
I am using a LAN at my place.
thanks.
Riya
OK, this is not always a cause for concern. But this can be one of two things.
(1) It is a malicious user attempting to scan your computer/range of computers for open ports or vulnerabilities.
(2) Some legitimate traffic that can set off the firewall into thinking it is (1); this is a frequent occurrence.
Hope I helped.
Check your firewall logs and you can check where the port scans are coming from. Maybe you have unsecured wireless access to your LAN and a neighbor's camping out on your cloud, scanning you. Then again, could just be a virus randomly scanning from the WWW.
I find it a bit odd that you're picking up a port scan on your PC when generally such a scan wouldn't make it past your router.
What's your LAN setup? You wireless?
Hi
Well, you have not provided much information about the setup of the LAN!
The computer has got certain ports that can be used for accessing various services on the internet like we use port 80 for browsing. The ports help our computer to get various services from the servers running those services like FTP, SMTP etc.
A port scan occurs, as rightly stated by Modd', in either of the two conditions. If a port on your computer is found to be open and accessible, then, if a vulnerability is present and the scan is being done by a person, your computer may be in trouble, as it can sometimes even be used to take control of the PC. I hope that it is your firewall that gives this message, and it is a good thing as it shows it works fine. I hope it also gives you an IP address with it too. What you can do is ban this IP address from accessing your machine for some time, like an hour or so.
Moreover, if you use some file sharing program like BitTorrent, Kazaa, LimeWire etc., then these attacks can be due to the fact that these applications work on specific ports, and the other machines might be scanning yours for this port to find out whether it is open, in order to attempt to connect to your machine.
Using good firewall settings you can definitely be saved from such attacks.
Greetings
Here is a good article that might help you understand the basics of port scanning:
http://www.auditmypc.com/freescan/re...t_scanning.asp
Something else you could do is look up the IP range that the scans are coming from, e.g. at www.all-nettools.com (toolbox smart whois). Look up the range and find out who the company that maintains the range is. You can email the abuse account and most of the time you will get a reply back (not always, so if you don’t get one don’t get upset). I do this whenever I get spam emails on customers’ machines from people they don’t know. One machine was part of their support department's workstations that had a virus. This option might not get you anywhere most of the time, but can get you to someone who cares some of the time.... I think that made sense.
I have a firewall in my system and this message comes from that only.
Could you specify make and model??
Quote:
firewall in my system
Brand name etc.
That might help us actually understand what the message really means (if it's probably a false positive etc.)
McAfee Guardian
What kind of router do you have? Wireless? Have you ever logged in to the router? You might be able to tell some things there.
It does sound like your McAfee firewall is working.
Here are a few ideas with the info given thus far:
Aside from someone manually running port scans against you (which is unlikely if it's happening every day), you will commonly receive scans from machines that are infected with worms. They often run ping sweeps across large IP ranges looking for a response back. If they get a response back, they will sometimes run port sweeps against your IP looking for services that are running. If certain services appear to be open, it might attempt to exploit the service. All of this done autonomously of course.... scary huh?
On another note, if the scan originated from an internal IP, it might be something as simple as Yahoo messenger.... or some other messenger for that matter. Crafty programs attempt to subvert firewalls by seeing what ports you have open. Sometimes problematic in a corporation that tries to filter IM'ing.
Similar to what Mystery Man said... If you ever ran P2P file sharing programs like Bearshare or eDonkey, and then quit/uninstalled it, you may see P2P servers/supernodes running scans against you or certain IP ranges looking for active P2P clients... but this is usually targeted against specific ports rather than a large range. I commonly see ping sweeps against ports 6346-6348 (Gnutella ports).
And as ech0 stated... find out where it is originating from. It MIGHT shed some light on the subject. I like using DShield. A web-based 'WhoIs' which also lets you know if there are many negative reports against that IP (great for determining false positive behavior). www.dshield.org/ipinfo.php
Scans from China often are MSSQL worm propagation. Scans from Morocco & Turkey seemingly are often after compromising/defacing web pages.... (sorry if I am stereotyping - no offense meant to any of those countries) ; ) The hostname belonging to the IP may give you quite a bit of info.... whether or not it's a cable/DSL user, a server (and maybe what type of server), if it comes from a specific website... or ad-server.
Either way... good luck!
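A triage of blocked firewall log entries along the lines suggested in the replies above (internal versus external source, wide sweep versus a few specific ports), as an added example that is not part of any poster's message. The log layout, sample addresses and the five-port threshold are assumptions; adapt the parsing to whatever your firewall actually writes.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in a made-up "time source dest_port action" layout;
# real firewall products each log in their own format.
SAMPLE_LOG = """\
2024-01-05T10:00:01 203.0.113.7 21 DROP
2024-01-05T10:00:01 203.0.113.7 23 DROP
2024-01-05T10:00:02 203.0.113.7 80 DROP
2024-01-05T10:00:02 203.0.113.7 135 DROP
2024-01-05T10:00:03 203.0.113.7 445 DROP
2024-01-05T10:07:40 198.51.100.20 6346 DROP
2024-01-05T10:07:41 198.51.100.20 6347 DROP
2024-01-05T10:09:12 192.168.1.23 5050 DROP
2024-01-05T10:09:15 192.168.1.1 53 ALLOW
truncated line
"""

LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GNUTELLA_PORTS = {6346, 6347, 6348}   # port range named in the thread
WIDE_SWEEP_MIN_PORTS = 5              # assumed threshold, tune to your logs

def triage(log_text):
    """Group blocked probes by source and label origin and scan shape."""
    ports_by_source = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] != "DROP":
            continue                  # skip malformed and allowed entries
        try:
            source = ipaddress.ip_address(fields[1])
            port = int(fields[2])
        except ValueError:
            continue
        ports_by_source[source].add(port)

    report = {}
    for source, ports in ports_by_source.items():
        origin = "internal" if any(source in n for n in LAN_RANGES) else "external"
        if len(ports) >= WIDE_SWEEP_MIN_PORTS:
            shape = "wide port sweep"
        elif ports <= GNUTELLA_PORTS:
            shape = "P2P probe"
        else:
            shape = "isolated probe"
        report[str(source)] = (origin, shape, sorted(ports))
    return report

if __name__ == "__main__":
    for source, verdict in triage(SAMPLE_LOG).items():
        print(source, *verdict)
```

An internal source points at a machine or program on your own LAN, while an external source hitting many ports is the pattern worth looking up in whois or reporting to the range's abuse contact.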