 |  |  |  |  |  |  |  |
Can you stop someone from repeatedly port scanning your machine?
 |
Hi,
I've had 108 port scans performed on my machine since yesterday. My firewall has pick it up and seems to have prevented access.
My back trace tool has identified the IP addresses these port scans have been conducted from. Additionally I've reported this issue to the IP network owners, but haven't had any replies from them.
In the meantime, my machine continues to be scanned, every few minutes or so.
Is there anything I can do to get rid of this pest?
Thank you.
I've had 108 port scans performed on my machine since yesterday. My firewall has pick it up and seems to have prevented access.
My back trace tool has identified the IP addresses these port scans have been conducted from. Additionally I've reported this issue to the IP network owners, but haven't had any replies from them.
In the meantime, my machine continues to be scanned, every few minutes or so.
Is there anything I can do to get rid of this pest?
Thank you.
Regards,
Mark Carter
Business Seek .biz Business Directory
Find business and article resources. Submit a site or Submit an article.
Mark Carter
Business Seek .biz Business Directory
Find business and article resources. Submit a site or Submit an article.
Hello,
I am not sure how you sent or worded your report to their ISP. Did you email the following users: abuse@domainname, postmaster@domainname, root@domainname, admin@domainname. Usually these accounts are setup and tracked.
The only other real thing you can do to eliminate the pest is put up a firewall from that IP number. Now, if he changes IP's, then he can come at you again. If that is a concern, then wipe out the whole domain. I cut down a pile of spam by preventing my linux box (my main server) from talking to anyone at yahoo.com To my server, and to my mailbox and anywhere else, a yahoo account is blind to me. I am considering hotmail too.... but not everyone has the luxuary of wiping out a whole domain.
Is he scanning you on all ports, or just a couple in particular? If he is targeting a few ports, say 23 (telnet), 25 (smtp), 80 (web) then make sure the services that belong to those ports are patched.
If you want to have some fun, you can use nmap to determine what kind of machine the bozo who is knocking on your door is using. When one guy hit me 250 times in a day, I ran his information, and provided his ISP with the IP information, and what kind of computer it was. They were prompt and professional, and well, shut the guy down.
It is normal to be scanned once in a while. That is the nature of web life. Someone might be curious, some college student trying out the scripts. No one really knows. But repeated hammering is a different story.
Good Luck,
Christian
I am not sure how you sent or worded your report to their ISP. Did you email the following users: abuse@domainname, postmaster@domainname, root@domainname, admin@domainname. Usually these accounts are setup and tracked.
The only other real thing you can do to eliminate the pest is put up a firewall from that IP number. Now, if he changes IP's, then he can come at you again. If that is a concern, then wipe out the whole domain. I cut down a pile of spam by preventing my linux box (my main server) from talking to anyone at yahoo.com To my server, and to my mailbox and anywhere else, a yahoo account is blind to me. I am considering hotmail too.... but not everyone has the luxuary of wiping out a whole domain.
Is he scanning you on all ports, or just a couple in particular? If he is targeting a few ports, say 23 (telnet), 25 (smtp), 80 (web) then make sure the services that belong to those ports are patched.
If you want to have some fun, you can use nmap to determine what kind of machine the bozo who is knocking on your door is using. When one guy hit me 250 times in a day, I ran his information, and provided his ISP with the IP information, and what kind of computer it was. They were prompt and professional, and well, shut the guy down.
It is normal to be scanned once in a while. That is the nature of web life. Someone might be curious, some college student trying out the scripts. No one really knows. But repeated hammering is a different story.
Good Luck,
Christian
•
•
Join Date: Aug 2004
Posts: 277
Reputation: 
Solved Threads: 5
Unverified User
These days most port scans you see are coming from trojan infected zombies out there. (PC's infected with any of various virii or malware often hook up in vast botnets, ready to send out tons of spam, or to attack websites or users in a vast Denial of Service attacks. Such infected machines are commonly called 'Zombies').
If your ISP is small, you'll be scanned less, but if your ISP is large, (Verizon, AOL, the list goes on), you're most likely gonna get scanned several times a minute. My router's tracking all the portscans I get on my machine, and I'm scanned on average 3 times a minute, often more.
Just for reference, that means were I to reinstall Windows XP, and hop up on the web to grab all the latest updates, AND if I did not have a firewall, I'd be infected with one of these self spreading trojans before I could finish downloading the updates. Scary, huh?
If your ISP is small, you'll be scanned less, but if your ISP is large, (Verizon, AOL, the list goes on), you're most likely gonna get scanned several times a minute. My router's tracking all the portscans I get on my machine, and I'm scanned on average 3 times a minute, often more.
Just for reference, that means were I to reinstall Windows XP, and hop up on the web to grab all the latest updates, AND if I did not have a firewall, I'd be infected with one of these self spreading trojans before I could finish downloading the updates. Scary, huh?
|
Similar Threads
- Ubuntu: opening ports for connection (port scanner) (*nix Software)
- USB port shows healthy but not! (Windows NT / 2000 / XP)
- Help Please! My 'Time' machine is no more ;( (Troubleshooting Dead Machines)
- serial Port programming (Java)
- 'stop error' whilst scanning with Norton antivirus 2005 (Viruses, Spyware and other Nasties)
- using sendmail from home machine (Shell Scripting)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Error message when starting XP, NEWDOT~2.DLL
- Next Thread: IE hijacked -not responding to fixes
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos domains education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
