Sponsor Message:
Non Aviation Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
Why Does S.I.T.A. Portscan My Computer?  
User currently offlineAsstChiefMark From , joined Dec 1969, posts, RR:
Posted (8 years 7 months 3 weeks 4 days 18 hours ago) and read 1659 times:

Two or three times a day, I get a portscan alert that traces back to Societe Internationale de Telecommunications Aeronautiques in Geneva (IP 57.62.62.66).

Are they hackers and virii mongers?

Here's their website. http://www.sita.com/default.htm

Mark

[Edited 2006-01-01 03:15:01]

10 replies: All unread, jump to last
 
User currently offlineKlaus From Germany, joined Jul 2001, 21442 posts, RR: 54
Reply 1, posted (8 years 7 months 3 weeks 4 days 17 hours ago) and read 1638 times:

Quite possible that they've got one of their computers capered by a trojan or a bot which is now searching for other (Windows) machines to infect. It is not very likely that the organisation is actually condoning that. One could hope they know that they've got an infected system within their network...

User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 2, posted (8 years 7 months 3 weeks 4 days 4 hours ago) and read 1591 times:

Quoting Klaus (Reply 1):
One could hope they know that they've got an infected system within their network...

This system is used by some Finnish ISPs. Quite a few people I know have been receiving notices though it. The feature you want here is "Dark address space monitoring".
http://www.f-secure.fi/products/fsnc/


User currently offlineCruiser From Canada, joined Apr 2005, 1001 posts, RR: 7
Reply 3, posted (8 years 7 months 3 weeks 4 days 4 hours ago) and read 1580 times:

Are you working at an airport? If not, then maybe PM me.

James



Leahy on Per Seat Costs: "Have you seen the B-2 fly-by at almost US$1bn a copy? It has only 2 seats!"
User currently offlineKlaus From Germany, joined Jul 2001, 21442 posts, RR: 54
Reply 4, posted (8 years 7 months 3 weeks 4 days 3 hours ago) and read 1572 times:

Quoting Eilennaei (Reply 2):
This system is used by some Finnish ISPs. Quite a few people I know have been receiving notices though it. The feature you want here is "Dark address space monitoring".

I'm not that deeply involved in the infrastructure aspects of the net, but the system you've mentioned appears to detect and block suspicious activities, not create it.

Maybe there are security systems actively scanning for known ports used by trojans or other malware within their own domain or subnet, but normally all portscans coming from the depths of the net should be considered malicious.


User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 5, posted (8 years 7 months 3 weeks 4 days 3 hours ago) and read 1567 times:

That's correct Klaus, and the logic is that if the monitor sees constant scans to a strange IP address space from a customer, the client system is likely to be infected. The customer will be automatically informed and the account blocked meanwhile. The block will then be automatically lifted when the threat has been removed.

Edit: ... and about the original issue: it's a fair chance the offending traffic comes from a hijacked home computer to make the tracing of the real originator more difficult.

[Edited 2006-01-01 17:43:36]

User currently offlineKlaus From Germany, joined Jul 2001, 21442 posts, RR: 54
Reply 6, posted (8 years 7 months 3 weeks 4 days 3 hours ago) and read 1558 times:

Okay, but then that system would indeed not be involved in the scan - it would only notify the originator of the scan, wouldn't it?

User currently offlineKlaus From Germany, joined Jul 2001, 21442 posts, RR: 54
Reply 7, posted (8 years 7 months 3 weeks 4 days 3 hours ago) and read 1553 times:

Quoting Eilennaei (Reply 5):
Edit: ... and about the original issue: it's a fair chance the offending traffic comes from a hijacked home computer to make the tracing of the real originator more difficult.

That was my original point...!


User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 8, posted (8 years 7 months 3 weeks 4 days 2 hours ago) and read 1545 times:

Quoting Klaus (Reply 6):
Okay, but then that system would indeed not be involved in the scan - it would only notify the originator of the scan, wouldn't it?

To detect the real culprit would be nearly impossible, the infection might have come though a chain of mass mailing machines, and once the Trojan has been placed, very little traffic (typically other worms will be uploaded on top) will be visible towards the infected system from the offender.

[Edited 2006-01-01 19:12:39]

User currently offlineKlaus From Germany, joined Jul 2001, 21442 posts, RR: 54
Reply 9, posted (8 years 7 months 3 weeks 4 days 2 hours ago) and read 1542 times:

I know - thus only the direct originator (identifiable by IP) would be addressable, not the original source. Cutting off one "leaf" from the bot net would be the most that could be done that way.

User currently offlineEilennaei From , joined Dec 1969, posts, RR:
Reply 10, posted (8 years 7 months 3 weeks 4 days 1 hour ago) and read 1531 times:

Quoting Klaus (Reply 9):
Cutting off one "leaf" from the bot net would be the most that could be done that way.

Indeed. Were it otherwise, the net virus problem would not exist!


Top Of Page
Forum Index

This topic is archived and can not be replied to any more.

Printer friendly format

Similar topics:More similar topics...
Why Does My Computer Get So Hot? posted Sun May 29 2005 04:03:10 by Lehpron
How Does My Computer... posted Sat Oct 21 2006 20:35:16 by Piercey
Why Is My Computer Shutdown So Slow? posted Tue Oct 10 2006 08:22:46 by Sean1234
Why Is My Computer Beeping? posted Wed Dec 14 2005 22:45:11 by LooneyToon
Why Does My Nose Bleed After Flying? posted Sun Feb 20 2005 17:00:37 by TupolevTu154
Why Does It Always Rain After I Wash My Car? posted Thu Apr 10 2003 09:42:17 by UTA_flyinghigh
I'm Out In The Cold (to Chill My Computer)! posted Thu Nov 23 2006 09:51:31 by Lehpron
My Computer Died posted Fri Sep 22 2006 01:24:47 by Bill142
Why Does Nascar Attract Hate? posted Mon Jun 19 2006 19:02:47 by Navymidn
Why Does Beckham Play In Long Sleeves? posted Tue Jun 13 2006 09:56:12 by Aerosol