Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Constantly scanning my computer

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    2

    Constantly scanning my computer

    Somebody is scanning my computer all of the time. Basically, everytime that I'm online. My firewall Sygate 5.5 allows me to traceback to identify who it is. The person in question uses the same ISP as me and I have there email address. Basically, I tried scanning them back using GFI Languard but their system is secured so can't piss them off back. What annoys me is that my firewall is constantly flashing red which is really pissing me off. I don't want to report them to the ISP, I would much rather get my own back. I am a newbie to security/hacking concepts and have tried to secure my machine as much as possible and yes I have a few scanning tools. Can somebody suggest a tool or tools or methods I can use to get my own back on this **** who is making me paranoid !

  2. #2
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Mungkey,

    Interestingly enough, my ISP does exactly the same thing to me every time I log on. I don't know exactly how it works but, the ISP knows I'm on, however I have a packet dropping firewall and there is no indication that a live node is on the other end. It is part of their software to acknowledge an IP is being utilized.

    So in your case, I would contact them first before I decided to take some action. Also remember that although you may be getting scanned, it may not be alright for you to scan back.

    cheers.

    edit: Additionally, most of us get scanned frequently when we are online. Sounds like your firewall is doing is job of blocking or dropping. There are a myrid of scanning tools out their also. www.google.com

    Here's a quote from Slarty, one of our Senior Members, and it's appropriate here as well:

    Nearly all intrusion attempts since about 2001 have been from Windows worms. The owners of the machines are not (directly) responsible for their actions; most are entirely unaware of it. You should configure your IDS to ignore common worms intrusions, because they are so common and it is so pointless to report them.

  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    There are quite a few reasons why you should report to the isp and not try to hack back. If you do a quick search of the forums you will see this has come up a few times befor. But ill give you some advice anyway.

    Don't ask for advice on hacking here, you will get flamed to death. This community is about security. Did you read the FAQ.

    Also the computer that you are getting scanned from may be a zombie and the person who owns it may be unaware he is scanning you.

    From what i have read most ordinary users that get hacked, do so because they have pissed some one off on IRC or a gameing site. As you are new to this do you realy want to piss someone off who maybe able to do some real damage to your box.

    Just a quick email to abuse@isp should be all you nead to do. Just enclose your firewall log.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Or maybe it's just your ISP scanning to see if your IP is available?..just a thought

  5. #5
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    To add to Relyt's post:
    10 ) Don't fight back (until you are the biggest baddest Muther F"*@er there is)
    20 ) report the abuse to your ISP.
    30 ) Check the F/W settings so that an alarm is NOT generated for this attack.
    40 ) Again in the F/W, put that address into your blocked list.
    50 ) Make a note of the address for when you ARE ( goto 10)
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Foxy and the other members are right:

    You do not know if it is a deliberate attack from that source?

    Like the IP addy is 123.123.123.789 EVERY time, or do the characters change?

    You may have someone with an infected machine on your subnet?..........they may not know about it...........talk to your ISP mate.


  7. #7
    Junior Member
    Join Date
    Apr 2004
    Posts
    10
    Just to ilustrate what groovicus said MY ISP keeps scanning me everytime I'm online, so do check who you are trying to mess with beforehand....

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    119
    mungkey, I had the same problem not so long ago. Check out this thread and it may answer some questions for you http://www.antionline.com/showthread...hreadid=255793

    However the problem that I had was when I did attach my firewall logs, my ISP misread them and instead forwarded the report my way. This angered me, however it was probably an autoparser or something, so make sure they know that you are the victim! And more than likely as the others have said, its someone attacking you that isn't aware of what they are doing. Some of the steps I took to reduce the traffic I saw was, blocking their IP's with sygates advanced rules. Then blocking thier MAC address on top of that. And finally I got a hardware router. Haven't heard from them since.

    If your unsure how to block and IP address in Sygate, go to tools, advanced rules, then you can add a rule and specify it however you like. I'd suggest going straight for their mac address as IP's can be changed easier. Hope this helps!

  9. #9
    Junior Member
    Join Date
    Oct 2003
    Posts
    2

    Thanks. I feel a lot less paranoid now

    I've reported the problem to my ISP and have added the MAC address to my advanced rules.

    Cheers Guys

  10. #10
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Please be aware that "scan" a host inst considered an attack, except when the scan is slowing down your connection or causing other performance problems. Send 1 probe per minute, for example, cant be considered an attack even on an 33k connection. Just talking about ONE scan. Repetitive scan are considered annoying and must be reported.
    On other hand, there is some ISP that scans users computers to see if is there any "forbidenn" services (services that your contract prohibited - as an example. some ISP avoid HTTP servers on home connections). Consider it before block ISP packets.
    This kind of ISP scan is really dumb. ISP with more technologies just scan packets at random to see if you are doing some illegal activities (illegal - against your agreement).
    You can see this a privacy problem, but they really do that....
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •