Hi,

I've had 108 port scans performed on my machine since yesterday. My firewall has pick it up and seems to have prevented access.

My back trace tool has identified the IP addresses these port scans have been conducted from. Additionally I've reported this issue to the IP network owners, but haven't had any replies from them.

In the meantime, my machine continues to be scanned, every few minutes or so.

Is there anything I can do to get rid of this pest?

Thank you.

Hello,

I am not sure how you sent or worded your report to their ISP. Did you email the following users: [email="abuse@domainname"]abuse@domainname[/email], [email="postmaster@domainname"]postmaster@domainname[/email], [email="root@domainname"]root@domainname[/email], [email="admin@domainname"]admin@domainname[/email]. Usually these accounts are setup and tracked.

The only other real thing you can do to eliminate the pest is put up a firewall from that IP number. Now, if he changes IP's, then he can come at you again. If that is a concern, then wipe out the whole domain. I cut down a pile of spam by preventing my linux box (my main server) from talking to anyone at yahoo.com To my server, and to my mailbox and anywhere else, a yahoo account is blind to me. I am considering hotmail too.... but not everyone has the luxuary of wiping out a whole domain.

Is he scanning you on all ports, or just a couple in particular? If he is targeting a few ports, say 23 (telnet), 25 (smtp), 80 (web) then make sure the services that belong to those ports are patched.

If you want to have some fun, you can use nmap to determine what kind of machine the bozo who is knocking on your door is using. When one guy hit me 250 times in a day, I ran his information, and provided his ISP with the IP information, and what kind of computer it was. They were prompt and professional, and well, shut the guy down.

It is normal to be scanned once in a while. That is the nature of web life. Someone might be curious, some college student trying out the scripts. No one really knows. But repeated hammering is a different story.

Good Luck,

Christian

These days most port scans you see are coming from trojan infected zombies out there. (PC's infected with any of various virii or malware often hook up in vast botnets, ready to send out tons of spam, or to attack websites or users in a vast Denial of Service attacks. Such infected machines are commonly called 'Zombies').

If your ISP is small, you'll be scanned less, but if your ISP is large, (Verizon, AOL, the list goes on), you're most likely gonna get scanned several times a minute. My router's tracking all the portscans I get on my machine, and I'm scanned on average 3 times a minute, often more.

Just for reference, that means were I to reinstall Windows XP, and hop up on the web to grab all the latest updates, AND if I did not have a firewall, I'd be infected with one of these self spreading trojans before I could finish downloading the updates. Scary, huh?

The Only way I know how to avoid getting scanned is to never go online :)

my webroot pops up the notification of an FIN scan. all my shields are up it doesnt happen alot but i do get it a few times a day. 1) how do i look up the IP address? 2) is there any way to prevent or stop an FIN scan? the weird thing is i started having this problem recently not before. should i call up the internet provider and report an FIN scan?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.