Thread: Getting scanned

Since the past two days I've noticed that my firewall (Comodo) is registering a whole lot of intrusion attempts. Maybe they've been there earlier, but I noticed it only yesterday when the connection broke for no reason two to three times. I thought it was the firewall breaking the connection when it can't handle the stuff, but I'm not sure of this.

Anyway, here are the IPs trying to get in:
59.95.66.126
59.95.8.39
59.95.167.36
59.95.162.194
59.95.23.64

and some foreign ones:
61.164.113.81
61.128.250.6
89.25.70.252
208.94.180.94

This might seem normal to some, but the thing I can't understand is that many of these IPs kept scanning even if I reconnected. I mean, I disconnected and reconnected, then even switched the modem off and started it again after a minute, and as soon as I connected the same IPs trying to connect. It could be the ISP doing some kind of scan (though I don't understand what that is), but that would explain the Indian IPs, the other one (61.164.113.81) is a Chinese IP, so how come it pops up all the time? If I reconnect and get another IP then the one scanning me shouldn't be able to find me, right? Or is it that it is scanning a range of IPs and it just happens that my IP even after reconnecting falls into that range?

Would appreciate some help here.

if you are running any type of file sharing program such as uTorrent or Limewire it is normal to have incoming connections. Add these programs to comodo's Exception list to allow "any protocol on any port from any ip" to avoid being detection of these connections as Intrusion Attempts.

Problem is, I wasn't running Utorrent then, and not at later times either. Now, every time I connect, there's someone or the other trying to connect. Its like my computer has got some sort of identification and as soon as I connect, it gets detected and people try to barge in.

as i think there may be 2 reasons
1) Virus : as some virus update themselves from their originals so as soon as you connect they send message to originals and then they try to sneak in....

2) the 61.X.X.X ip you are getting can be easily a fake ip who is in India itself and using those ip's

so just check if they are regularly the same ip & in your task manager (process) check if there is any unknown program running.........

I scanned with Bitdefender Total Security 2009, which I update everyday, and nothing came up. There is something called a botnet about which I don't know much, but people say if you get caught in a botnet, your computer could be used by someone else to do his dirty work.

About the Task Manager, I've been checking it all this time, but it shows all legitimate processes. There are quite a few svchost.exe; I'm attaching a screenshot taken by Process Explorer.

Thats why i prefer and encourage poeple to use peer guradian if they are torrenting but your case is exceptional as you have said that you are not using any type of p2p soft. i think there must be some virus who is trying to connect to its server.

I do use Peerguardian when I run Utorrent. But the time from when I noticed all this, I haven't been using it, and yet every time I connect the same IPs are also there, waiting for me. But I'm beginning to think this might not be any real virus or anything.

All the rest of you, doesn't your firewall show anything? And what kind of connection do you use - manually connecting or letting the modem save and connect with the login details?

no first of all when i installed that Comodo firewall i have one word for that its really paranoid, totally just ....... i dont know what to say

I am using Norton's firewall so its ok for me, i am using PPPoE mode and my system is running 24x7x365 with torrent always on xDD

the computers trying to get in , are probably just bots , they are probably pcs used by normal people but highly infected that the virus in them starts trying to hack other pcs by looking for open port etc..

yes as said about the bot thing....... remove it & see ( i guess you have already done that) but not much of options left as you have already used most of the recommended software's...... better format & re-install....

Not necessary that it should be scanning. Quite often as soon as I connect to internet, commodo pops in a dialog showing "another bsnl IP" trying to make connection over the "445" port.

Apparently that port is a vulnerable one,so i keep it disabled. Right now I have 100's of blocked firewall events, all coming from BSNL ip's

Firewall blocking events maynot be necessarily subscribers trying to hack.