Sponsor Message:
Non Aviation Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
Why Does S.I.T.A. Portscan My Computer?  
User currently offlineAsstChiefMark From , joined Dec 1969, posts, RR:
Posted (8 years 11 months 3 weeks 4 days 10 hours ago) and read 1779 times:

Two or three times a day, I get a portscan alert that traces back to Societe Internationale de Telecommunications Aeronautiques in Geneva (IP 57.62.62.66).

Are they hackers and virii mongers?

Here's their website. http://www.sita.com/default.htm

Mark

[Edited 2006-01-01 03:15:01]

10 replies: All unread, jump to last
 
User currently offlineKlaus From Germany, joined Jul 2001, 21521 posts, RR: 53
Reply 1, posted (8 years 11 months 3 weeks 4 days 9 hours ago) and read 1758 times:

Quite possible that they've got one of their computers capered by a trojan or a bot which is now searching for other (Windows) machines to infect. It is not very likely that the organisation is actually condoning that. One could hope they know that they've got an infected system within their network...

User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 2, posted (8 years 11 months 3 weeks 3 days 20 hours ago) and read 1711 times:

Quoting Klaus (Reply 1):
One could hope they know that they've got an infected system within their network...

This system is used by some Finnish ISPs. Quite a few people I know have been receiving notices though it. The feature you want here is "Dark address space monitoring".
http://www.f-secure.fi/products/fsnc/


User currently offlineCruiser From Canada, joined Apr 2005, 1001 posts, RR: 7
Reply 3, posted (8 years 11 months 3 weeks 3 days 20 hours ago) and read 1700 times:

Are you working at an airport? If not, then maybe PM me.

James



Leahy on Per Seat Costs: "Have you seen the B-2 fly-by at almost US$1bn a copy? It has only 2 seats!"
User currently offlineKlaus From Germany, joined Jul 2001, 21521 posts, RR: 53
Reply 4, posted (8 years 11 months 3 weeks 3 days 19 hours ago) and read 1692 times:

Quoting Eilennaei (Reply 2):
This system is used by some Finnish ISPs. Quite a few people I know have been receiving notices though it. The feature you want here is "Dark address space monitoring".

I'm not that deeply involved in the infrastructure aspects of the net, but the system you've mentioned appears to detect and block suspicious activities, not create it.

Maybe there are security systems actively scanning for known ports used by trojans or other malware within their own domain or subnet, but normally all portscans coming from the depths of the net should be considered malicious.


User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 5, posted (8 years 11 months 3 weeks 3 days 19 hours ago) and read 1687 times:

That's correct Klaus, and the logic is that if the monitor sees constant scans to a strange IP address space from a customer, the client system is likely to be infected. The customer will be automatically informed and the account blocked meanwhile. The block will then be automatically lifted when the threat has been removed.

Edit: ... and about the original issue: it's a fair chance the offending traffic comes from a hijacked home computer to make the tracing of the real originator more difficult.

[Edited 2006-01-01 17:43:36]

User currently offlineKlaus From Germany, joined Jul 2001, 21521 posts, RR: 53
Reply 6, posted (8 years 11 months 3 weeks 3 days 19 hours ago) and read 1678 times:

Okay, but then that system would indeed not be involved in the scan - it would only notify the originator of the scan, wouldn't it?

User currently offlineKlaus From Germany, joined Jul 2001, 21521 posts, RR: 53
Reply 7, posted (8 years 11 months 3 weeks 3 days 19 hours ago) and read 1673 times:

Quoting Eilennaei (Reply 5):
Edit: ... and about the original issue: it's a fair chance the offending traffic comes from a hijacked home computer to make the tracing of the real originator more difficult.

That was my original point...!


User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 8, posted (8 years 11 months 3 weeks 3 days 18 hours ago) and read 1665 times:

Quoting Klaus (Reply 6):
Okay, but then that system would indeed not be involved in the scan - it would only notify the originator of the scan, wouldn't it?

To detect the real culprit would be nearly impossible, the infection might have come though a chain of mass mailing machines, and once the Trojan has been placed, very little traffic (typically other worms will be uploaded on top) will be visible towards the infected system from the offender.

[Edited 2006-01-01 19:12:39]

User currently offlineKlaus From Germany, joined Jul 2001, 21521 posts, RR: 53
Reply 9, posted (8 years 11 months 3 weeks 3 days 18 hours ago) and read 1662 times:

I know - thus only the direct originator (identifiable by IP) would be addressable, not the original source. Cutting off one "leaf" from the bot net would be the most that could be done that way.

User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 10, posted (8 years 11 months 3 weeks 3 days 18 hours ago) and read 1651 times:

Quoting Klaus (Reply 9):
Cutting off one "leaf" from the bot net would be the most that could be done that way.

Indeed. Were it otherwise, the net virus problem would not exist!


Top Of Page
Forum Index

This topic is archived and can not be replied to any more.

Printer friendly format

Similar topics:More similar topics...
Why Does My Computer Get So Hot? posted Sun May 29 2005 04:03:10 by Lehpron
How Does My Computer... posted Sat Oct 21 2006 20:35:16 by Piercey
Why Is My Computer Shutdown So Slow? posted Tue Oct 10 2006 08:22:46 by Sean1234
Why Is My Computer Beeping? posted Wed Dec 14 2005 22:45:11 by LooneyToon
Why Does My Nose Bleed After Flying? posted Sun Feb 20 2005 17:00:37 by TupolevTu154
Why Does It Always Rain After I Wash My Car? posted Thu Apr 10 2003 09:42:17 by UTA_flyinghigh
I'm Out In The Cold (to Chill My Computer)! posted Thu Nov 23 2006 09:51:31 by Lehpron
My Computer Died posted Fri Sep 22 2006 01:24:47 by Bill142
Why Does Nascar Attract Hate? posted Mon Jun 19 2006 19:02:47 by Navymidn
Why Does Beckham Play In Long Sleeves? posted Tue Jun 13 2006 09:56:12 by Aerosol