-
April 8th, 2004, 09:12 AM
#1
Member
Port Scanning
Guys, I am having serious port scanning from ip address 80.255.128.x, 64.x.x.x, etc and is much... If i tried to trace back the ip, i will not be able to get any response from the ip address and if i do whois or lookup, I will get a response from the block of ip 80.x.x.x
Please how can i deal with these ips?
-
April 8th, 2004, 09:30 AM
#2
Please how can i deal with these ips?
I wouldn`t worry about it. They are just portscans.
NORML
Signature image is too tall!
-
April 8th, 2004, 09:34 AM
#3
Yep, don't worry about it. Just check to make sure your firewall is configured properly and up2date. Being scanned is, unfortunately, a fact of life these days.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 19th, 2004, 01:31 PM
#4
Junior Member
try this
i am not sure about canceling such port scanning, because if they rise it many time thay may get something (information) about your services, which to make them to attack these specific services. So, my suggestion is :
if the same IPs frequentlly appear to you (or may be using whois you got that the authority control the hitting IPs is the same, in case of that scanners using dial-up connections) then call that authority and give them the IP and all possible information (date, time, ...).
Beware of security guys!
-
April 19th, 2004, 01:34 PM
#5
Not really something to worry about...What OS? You can configure iptables in linux to block port scans....
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
April 19th, 2004, 01:39 PM
#6
if the same IPs frequentlly appear to you (or may be using whois you got that the authority control the hitting IPs is the same, in case of that scanners using dial-up connections) then call that authority and give them the IP and all possible information (date, time, ...).
Actually, if it's the same IPs repeating the same port scan over and over and over and over and.. well you get the point, it's most likely a worm. Many worms have a "port" scan in them in attempts to find new hosts to infect. I know at my campus there are quite a few machines which recently were infected. IIRC, Blaster is one such worm that does this regularly.
Filing a complaint might help but most ISPs don't deal with these (e.g., sending an email to the account in question warning them they may be infected).
-
April 20th, 2004, 08:02 PM
#7
Member
Thanks guys... I do the whois but at the end i will not be able to go to the ip end... It will not find any ip just tell me no respond and no one to blaim even the isp too i know will not care or response to my complaint.. All I did is to blocked the ip thats all.
thanks for all contributions and assistance.. and all thanks goes to anti online discussion group
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|