India Broadband Forum

saugatdb · 04-27-09, 09:53 PM

well can it be stopped?? or can i take any legal actions against the holders of the ip addresses from which the attacks are coming??

Logik · 04-27-09, 10:45 PM

well if u can post some more details of the problem ur facing, that will be really nice. like the ips attacking u? since when ur facing the problem? Which Firewall ur using?

also tell me if ur having dynamic or static IP?

also notice one thing, sometimes, if a computer system is affected too much by a port scan, one can argue that the port scan was, in fact, a denial-of-service (DoS) attack, which is usually an offense.

there are certain online tests available to scan ports. google them

skap · 04-27-09, 10:50 PM

Yes you can submit them to abuse teams with logs. After you find that w.x.y.z IP is doing port scan on your network, login to dns record sites such as Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger and find the owner of that IP address. ( Go to this site, choose Domain Dossier and enter that attacker IP w.x.y.z. This provides you contact and owner information of that IP.) If you scroll down in that page, you can find an email id to report any abuse activity. Send report to that email id.
Otherway is, you can submit to other abuse teams like dsheild

How to protect?
Port scanning can be blocked in so many ways.

1. Simple solution is by effectively configuring your Windows Firewall. Firewall configuration tips is provided here http://www.indiabroadband.net/comput...-firewall.html (what is port and program exception in Firewall?)

2. You can also see in Sygate Online Services, which provides online security threat scanning report of your computer. This report will say whether your computer is compliance with recommended basis security standard. When I checked, the scan checks for highly vulnerable open ports and not all ports.

3. There are some free valuable Firewalls available that can completely hide your computer from outside world. They help to run your computer in stealth mode. Some firewalls are ZoneAlarm & Comodo Firewall.

04-28-09, 02:49 AM

You can download these firewalls here.

saugatdb · 04-28-09, 05:26 AM

ok the thing is the ips from which i m getting the attacks are not same, when i checked them i found that they are from many countries(some of them are bsnl ips). im facing this problem from 2-3 weeks & i m using eset smart security 4.0 & i m a bsnl user so i got dynamic ip.

@skap
tested my compu @ sygate
results attached

skap · 04-28-09, 03:59 PM

Does your antivirus find any Trojan horse or worm in your computer? your computer might be infected.
Also monitor outgoing traffic from your computer to Internet.

saugatdb · 04-28-09, 04:17 PM

nop no virus or trojan is present in my comp. , i also regulary monitor my outgoing traffic & i dint found anything suspicicous

skap · 04-28-09, 04:59 PM

because the port 6000 is used by Trojan horse/worm to communicate. What AV do you use?

04-28-09, 05:01 PM

Quote:

Originally Posted by saugatdb

nop no virus or trojan is present in my comp. , i also regulary monitor my outgoing traffic & i dint found anything suspicicous

As per your anti virus......Try some other

04-28-09, 05:53 PM

Monitoring outgoing traffic is not easy. In my system when I initiate any program, svchost.exe access trusted area or internet and start downloading spyware. If you block it, you cannot access internet as there is another original svchost.exe which allows you to connect to internet. My system was hijacked, I fixed it and using my experience to block svchost.exe and other disguised files to prevent malware.

Time has long gone when you install an antivirus in your system and when it says your system is ok, it is so. If we know this much, imagine the kind of stuff hackers are made of.

Even with firewall we are not safe. Experience is the name man gives to his mistakes.

04-27-09, 09:53 PM	#1
saugatdb Bronze Member Join Date: Nov 2008 Location: Kolkata Posts: 110 Rep Power: 2	port scan attack well can it be stopped?? or can i take any legal actions against the holders of the ip addresses from which the attacks are coming??

04-27-09, 10:45 PM	#2
Logik Gold Member Join Date: Jan 2008 Location: On Internet Posts: 706 Rep Power: 6	well if u can post some more details of the problem ur facing, that will be really nice. like the ips attacking u? since when ur facing the problem? Which Firewall ur using? also tell me if ur having dynamic or static IP? also notice one thing, sometimes, if a computer system is affected too much by a port scan, one can argue that the port scan was, in fact, a denial-of-service (DoS) attack, which is usually an offense. there are certain online tests available to scan ports. google them __________________ BSNL Stands 4 : Bhai Sahab Nahi Lagega:D

04-27-09, 10:50 PM	#3
skap Gold Member Join Date: May 2008 Location: India Posts: 531 Rep Power: 2	Yes you can submit them to abuse teams with logs. After you find that w.x.y.z IP is doing port scan on your network, login to dns record sites such as Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger and find the owner of that IP address. ( Go to this site, choose Domain Dossier and enter that attacker IP w.x.y.z. This provides you contact and owner information of that IP.) If you scroll down in that page, you can find an email id to report any abuse activity. Send report to that email id. Otherway is, you can submit to other abuse teams like dsheild How to protect? Port scanning can be blocked in so many ways. 1. Simple solution is by effectively configuring your Windows Firewall. Firewall configuration tips is provided here http://www.indiabroadband.net/comput...-firewall.html (what is port and program exception in Firewall?) 2. You can also see in Sygate Online Services, which provides online security threat scanning report of your computer. This report will say whether your computer is compliance with recommended basis security standard. When I checked, the scan checks for highly vulnerable open ports and not all ports. 3. There are some free valuable Firewalls available that can completely hide your computer from outside world. They help to run your computer in stealth mode. Some firewalls are ZoneAlarm & Comodo Firewall. __________________ SKAP www.skapadmin.net Ethical Hacking Forum Last edited by skap; 04-28-09 at 01:04 AM.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

04-28-09, 02:49 AM	#4
meetdilip Guest Posts: n/a	You can download these firewalls here.

04-28-09, 03:59 PM	#6
skap Gold Member Join Date: May 2008 Location: India Posts: 531 Rep Power: 2	Does your antivirus find any Trojan horse or worm in your computer? your computer might be infected. Also monitor outgoing traffic from your computer to Internet.

04-28-09, 04:17 PM	#7
saugatdb Bronze Member Join Date: Nov 2008 Location: Kolkata Posts: 110 Rep Power: 2	nop no virus or trojan is present in my comp. , i also regulary monitor my outgoing traffic & i dint found anything suspicicous

04-28-09, 04:59 PM	#8
skap Gold Member Join Date: May 2008 Location: India Posts: 531 Rep Power: 2	because the port 6000 is used by Trojan horse/worm to communicate. What AV do you use?

04-28-09, 05:53 PM	#10
meetdilip Guest Posts: n/a	Monitoring outgoing traffic is not easy. In my system when I initiate any program, svchost.exe access trusted area or internet and start downloading spyware. If you block it, you cannot access internet as there is another original svchost.exe which allows you to connect to internet. My system was hijacked, I fixed it and using my experience to block svchost.exe and other disguised files to prevent malware. Time has long gone when you install an antivirus in your system and when it says your system is ok, it is so. If we know this much, imagine the kind of stuff hackers are made of. Even with firewall we are not safe. Experience is the name man gives to his mistakes.

India Broadband Forum

port scan attack

port scan attack