Thread: c-t-g scanning me!

  1. #1
    the beign of authority kurt_der_koenig
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567

    c-t-g scanning me!

    Recently I downloaded a free firewall. When I checked the intrusions tab I found at least five different people/computers port scanning me and a couple of Cyberkit pings! Some were IP addresses and the others had a website/computer that was doing it, C-T-G! Why would a company website port scan me????

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    135
    I would guess that people are gonna need more information to help you, such as:
    1. The free firewall that you are using
    2. A snippet of your logs containing the "breaches"

    I do know that when I enter some channels on irc that the motd usually includes some info about checking me for certain things, and that they may show up as a scan. I'm not familiar with ctg, but websites/servers gathering info during a connection you initiate does not seem to be that irregular...

  3. #3
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    331
    A snippet would be nice to examine.

    This stuff is a daily occurrence now. I get scanned at least 5 times a day for some trojan or other, plus invalid flags, port scans, all sorts of stuff. This box I am using now is nothing more than an internet box. Check the email, solitaire, stuff like that. I wouldn't be too worried about it. You have made a step in the right direction with a firewall. Just follow that up with some good settings, an AV and patch the box. There are many other aspects to consider here but for the most part you are on the right path for personal PC security. Good luck

    Be safe and stay free.

  4. #4
    the beign of authority kurt_der_koenig
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    Thanks.... I'm using Kerio Personal Firewall!
    example::: 26/feb/2004 15:55:20 "icmp ping cyberkit 2.2 windows" <--in ip address here misc-activity low dropped

    and the others, like port scanning, are basically the same! The thing with c-t-g.com is that I never went onto their site before, let alone heard of them! Thanks for answering back!

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Getting probed is "normal" if you're online these days. It usually takes less than 2 min. before you'll see a couple of probes from viruses, scriptkiddies and whatnot.

    What kind of probes are you getting from ctg?
    Depending on the probes you're getting it could be their webserver is infected with a virus or maybe someone cracked their site and uses it to hide.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    The ping packets (ICMP) from the Welchia and Nachi worms, and probably a few more, are very similar to Cyberkit packets. Your firewall looks for a certain signature; just because it matches doesn't mean it has to be exactly what it says it is.

    Because these worms spoof addresses, the packets might not be coming from where it says it's from either.
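Why the alert name in the log line above does not identify the sender, as an added example that is not part of the original thread: a minimal content match over ICMP echo requests. The 0xAA pattern and depth are assumed from the public IDS rule of the same name, the 64-byte worm-style payload is an assumption based on published worm write-ups, and all packets are constructed.

```python
import struct

# Assumed rule: 16 bytes of 0xAA within the first 32 payload bytes of an
# ICMP echo request (type 8), reported under the name seen in the log.
SIG_NAME = "icmp ping cyberkit 2.2 windows"
SIG_CONTENT = b"\xaa" * 16
SIG_DEPTH = 32

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(payload: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Construct an ICMP echo request to use as sample input."""
    head = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = checksum(head + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def match_signature(icmp: bytes):
    """Return the alert name if the message matches the rule, else None."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        return None  # truncated or corrupted message
    payload = icmp[8:]
    if icmp[0] == 8 and SIG_CONTENT in payload[:SIG_DEPTH]:
        return SIG_NAME
    return None

def triage(samples: dict) -> dict:
    """Map each sample name to the alert it would raise."""
    return {name: match_signature(pkt) for name, pkt in samples.items()}

# Constructed samples: different senders, same filler bytes.
SAMPLES = {
    "scanner tool": build_echo(b"\xaa" * 32),
    "worm-style ping": build_echo(b"\xaa" * 64),
    "windows ping": build_echo(b"abcdefghijklmnopqrstuvwabcdefghi"),
}

if __name__ == "__main__":
    for name, alert in triage(SAMPLES).items():
        print(f"{name:16} -> {alert}")
```

The rule sees only the bytes, so both 0xAA pings produce the same alert name; the source address in the log entry is a separate field that the match says nothing about.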

  7. #7
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Six hits in the last ten minutes.........

    Not so long ago I had to turn off the "incoming" warning because I was getting 15-20 per minute (worms autoscanning?)

    Welcome to the internet

    Cheers

  8. #8
    I agree. If this is your first software firewall, relax a little: your IP is being scanned, probed and knocked on constantly, and firewalls try to block everything to be safe, so a lot of what you see is not malicious, but logged "just in case".

    Domain names can be spoofed. And a website can be used as a proxy, so the traffic is coming from them but they aren't the originators of it.