Thread: port scan attack

well can it be stopped?? or can i take any legal actions against the holders of the ip addresses from which the attacks are coming??

well if u can post some more details of the problem ur facing, that will be really nice. like the ips attacking u? since when ur facing the problem? Which Firewall ur using?

also tell me if ur having dynamic or static IP?

also notice one thing, sometimes, if a computer system is affected too much by a port scan, one can argue that the port scan was, in fact, a denial-of-service (DoS) attack, which is usually an offense.

there are certain online tests available to scan ports. google them

Yes you can submit them to abuse teams with logs. After you find that w.x.y.z IP is doing port scan on your network, login to dns record sites such as Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger and find the owner of that IP address. ( Go to this site, choose Domain Dossier and enter that attacker IP w.x.y.z. This provides you contact and owner information of that IP.) If you scroll down in that page, you can find an email id to report any abuse activity. Send report to that email id.
Otherway is, you can submit to other abuse teams like dsheild

How to protect?
Port scanning can be blocked in so many ways.

1. Simple solution is by effectively configuring your Windows Firewall. Firewall configuration tips is provided here http://www.indiabroadband.net/comput...-firewall.html (what is port and program exception in Firewall?)

2. You can also see in Sygate Online Services, which provides online security threat scanning report of your computer. This report will say whether your computer is compliance with recommended basis security standard. When I checked, the scan checks for highly vulnerable open ports and not all ports.

3. There are some free valuable Firewalls available that can completely hide your computer from outside world. They help to run your computer in stealth mode. Some firewalls are ZoneAlarm & Comodo Firewall.

You can download these firewalls here.

ok the thing is the ips from which i m getting the attacks are not same, when i checked them i found that they are from many countries(some of them are bsnl ips). im facing this problem from 2-3 weeks & i m using eset smart security 4.0 & i m a bsnl user so i got dynamic ip.

@skap
tested my compu @ sygate
results attached

Does your antivirus find any Trojan horse or worm in your computer? your computer might be infected.
Also monitor outgoing traffic from your computer to Internet.

nop no virus or trojan is present in my comp. , i also regulary monitor my outgoing traffic & i dint found anything suspicicous

because the port 6000 is used by Trojan horse/worm to communicate. What AV do you use?

Originally Posted by saugatdb

nop no virus or trojan is present in my comp. , i also regulary monitor my outgoing traffic & i dint found anything suspicicous

As per your anti virus......Try some other

Monitoring outgoing traffic is not easy. In my system when I initiate any program, svchost.exe access trusted area or internet and start downloading spyware. If you block it, you cannot access internet as there is another original svchost.exe which allows you to connect to internet. My system was hijacked, I fixed it and using my experience to block svchost.exe and other disguised files to prevent malware.

Time has long gone when you install an antivirus in your system and when it says your system is ok, it is so. If we know this much, imagine the kind of stuff hackers are made of.

Even with firewall we are not safe. Experience is the name man gives to his mistakes.

All you can do is try using a good firewall to stop port scan & keep ur pc updated. Do check for viruses/malwares since they can even fool good antiviruses & other security softwares easily. There are simple methods to bypass firewalls too , so monitor ur outgoing & incomming traffic ( & data usage).

From Post 1.

well can it be stopped?? or can i take any legal actions against the holders of the ip addresses from which the attacks are coming??

sorry . did not read the thread fully.
Probably you are using torrents to download .
or in Email ?

could be some repetition in my post.




If you know the Ip address check location/country.
IP2Location.com - Lookup IP address to Country, State, City, Netblock, Longitude and Latitude

Go to filehippo.com and select any FREE AV and firewall applications. ( about 10 each available )

"PREVENTION IS BETTER THAN CURE"

Originally Posted by skap

because the port 6000 is used by Trojan horse/worm to communicate. What AV do you use?

ESET smart security 4.0

Originally Posted by meetdilip

Monitoring outgoing traffic is not easy. In my system when I initiate any program, svchost.exe access trusted area or internet and start downloading spyware. If you block it, you cannot access internet as there is another original svchost.exe which allows you to connect to internet. My system was hijacked, I fixed it and using my experience to block svchost.exe and other disguised files to prevent malware.

Time has long gone when you install an antivirus in your system and when it says your system is ok, it is so. If we know this much, imagine the kind of stuff hackers are made of.

Even with firewall we are not safe. Experience is the name man gives to his mistakes.

ok i will try to figure it out

Originally Posted by essbebe

From Post 1.

sorry . did not read the thread fully.
Probably you are using torrents to download .
or in Email ?
could be some repetition in my post.

If you know the Ip address check location/country.
IP2Location.com - Lookup IP address to Country, State, City, Netblock, Longitude and Latitude

Go to filehippo.com and select any FREE AV and firewall applications. ( about 10 each available )

"PREVENTION IS BETTER THAN CURE"

well i dont use torrents for dwnload only from RS , i will try some other AV & firewall

Firewall Test, Web Tools and Free Internet Security Audit

add to book marks.
try the applications listed.

@essbebe, thanks for the link

Originally Posted by saugatdb

ESET smart security 4.0
well i dont use torrents for dwnload only from RS , i will try some other AV & firewall

RS downloads are not always safe. It has nothing to do with RS but many RS searching sites are not safe. Some of them have malware and if you search for 123fdfjor, they will show result as 123fdfjor 2.3V or 123fdfjor Pro.

Some kind of firewall like to show us they are efficient and would like to show how much they protect you from threats. May be ESET has similar thoughts. Just try Comodo or Zonealarm and check. You can always revert if you don't like.

These are free firewalls but Yahoo and Google are also free. I have already provided you the link. Always use a popular antivirus pack. Reporting of new threats will be more efficient in popular softs.

can you post results of "netstat -an |more" command?

before that close all your connections, say browser, messenger, emails espcially torrents and let Internet work!

This command will tell you
* Connections established in your computer to remote host
* all open ports in your computer and
* all listening ports in your computer

hello ,
If your work doesnot insist on windows operating system ,why not try a Linux distro like Ubuntu?much safer.moreover ,iptables can be configured for complex options using frontends like shorewall.
try Ubuntu ,if you are a Desktop Home user.Else for security ,Debian GNU/Linux is better.
ubuntu(dot)com
and
debian(dot)org

Good Luck!