•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 455,974 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,766 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser: 64-bit Windows Community
Views: 2595 | Replies: 3
 |
| |
•
•
Join Date: Aug 2004
Posts: 6
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
Hi,
I've had 108 port scans performed on my machine since yesterday. My firewall has pick it up and seems to have prevented access.
My back trace tool has identified the IP addresses these port scans have been conducted from. Additionally I've reported this issue to the IP network owners, but haven't had any replies from them.
In the meantime, my machine continues to be scanned, every few minutes or so.
Is there anything I can do to get rid of this pest?
Thank you.
I've had 108 port scans performed on my machine since yesterday. My firewall has pick it up and seems to have prevented access.
My back trace tool has identified the IP addresses these port scans have been conducted from. Additionally I've reported this issue to the IP network owners, but haven't had any replies from them.
In the meantime, my machine continues to be scanned, every few minutes or so.
Is there anything I can do to get rid of this pest?
Thank you.
Regards,
Mark Carter
Business Seek .biz Business Directory
Find business and article resources. Submit a site or Submit an article.
Mark Carter
Business Seek .biz Business Directory
Find business and article resources. Submit a site or Submit an article.
•
•
Join Date: Mar 2004
Posts: 1,514
Reputation:
Rep Power: 10
Solved Threads: 49
Hello,
I am not sure how you sent or worded your report to their ISP. Did you email the following users: abuse@domainname, postmaster@domainname, root@domainname, admin@domainname. Usually these accounts are setup and tracked.
The only other real thing you can do to eliminate the pest is put up a firewall from that IP number. Now, if he changes IP's, then he can come at you again. If that is a concern, then wipe out the whole domain. I cut down a pile of spam by preventing my linux box (my main server) from talking to anyone at yahoo.com To my server, and to my mailbox and anywhere else, a yahoo account is blind to me. I am considering hotmail too.... but not everyone has the luxuary of wiping out a whole domain.
Is he scanning you on all ports, or just a couple in particular? If he is targeting a few ports, say 23 (telnet), 25 (smtp), 80 (web) then make sure the services that belong to those ports are patched.
If you want to have some fun, you can use nmap to determine what kind of machine the bozo who is knocking on your door is using. When one guy hit me 250 times in a day, I ran his information, and provided his ISP with the IP information, and what kind of computer it was. They were prompt and professional, and well, shut the guy down.
It is normal to be scanned once in a while. That is the nature of web life. Someone might be curious, some college student trying out the scripts. No one really knows. But repeated hammering is a different story.
Good Luck,
Christian
I am not sure how you sent or worded your report to their ISP. Did you email the following users: abuse@domainname, postmaster@domainname, root@domainname, admin@domainname. Usually these accounts are setup and tracked.
The only other real thing you can do to eliminate the pest is put up a firewall from that IP number. Now, if he changes IP's, then he can come at you again. If that is a concern, then wipe out the whole domain. I cut down a pile of spam by preventing my linux box (my main server) from talking to anyone at yahoo.com To my server, and to my mailbox and anywhere else, a yahoo account is blind to me. I am considering hotmail too.... but not everyone has the luxuary of wiping out a whole domain.
Is he scanning you on all ports, or just a couple in particular? If he is targeting a few ports, say 23 (telnet), 25 (smtp), 80 (web) then make sure the services that belong to those ports are patched.
If you want to have some fun, you can use nmap to determine what kind of machine the bozo who is knocking on your door is using. When one guy hit me 250 times in a day, I ran his information, and provided his ISP with the IP information, and what kind of computer it was. They were prompt and professional, and well, shut the guy down.
It is normal to be scanned once in a while. That is the nature of web life. Someone might be curious, some college student trying out the scripts. No one really knows. But repeated hammering is a different story.
Good Luck,
Christian
•
•
Join Date: Aug 2004
Location: Somewhere far from you all.
Posts: 277
Reputation:
Rep Power: 0
Solved Threads: 5
Unverified User
These days most port scans you see are coming from trojan infected zombies out there. (PC's infected with any of various virii or malware often hook up in vast botnets, ready to send out tons of spam, or to attack websites or users in a vast Denial of Service attacks. Such infected machines are commonly called 'Zombies').
If your ISP is small, you'll be scanned less, but if your ISP is large, (Verizon, AOL, the list goes on), you're most likely gonna get scanned several times a minute. My router's tracking all the portscans I get on my machine, and I'm scanned on average 3 times a minute, often more.
Just for reference, that means were I to reinstall Windows XP, and hop up on the web to grab all the latest updates, AND if I did not have a firewall, I'd be infected with one of these self spreading trojans before I could finish downloading the updates. Scary, huh?
If your ISP is small, you'll be scanned less, but if your ISP is large, (Verizon, AOL, the list goes on), you're most likely gonna get scanned several times a minute. My router's tracking all the portscans I get on my machine, and I'm scanned on average 3 times a minute, often more.
Just for reference, that means were I to reinstall Windows XP, and hop up on the web to grab all the latest updates, AND if I did not have a firewall, I'd be infected with one of these self spreading trojans before I could finish downloading the updates. Scary, huh?
|
•
•
•
•
•
•
•
•
DaniWeb Viruses, Spyware and other Nasties Marketplace
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Hybrid Mode
- Cannot Connect to, Linksys' Web Based Utility, I need help (Networking Hardware Configuration)
- Does window.stop() work in IE? (JavaScript / DHTML / AJAX)
- Running Symantec Scan Engine from a Java Program (Community Introductions)
- Optimum Online Web Hosting. (Networking Hardware Configuration)
- Problem about Bus Topology (Networking Hardware Configuration)
- tasm, we need help guys... please (Assembly)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Error message when starting XP, NEWDOT~2.DLL
- Next Thread: IE hijacked -not responding to fixes
