AsstChiefMark
Topic Author
Posts: 10465
Joined: Thu Feb 05, 2004 2:14 pm

Why Does S.I.T.A. Portscan My Computer?

Sun Jan 01, 2006 11:09 am

Two or three times a day, I get a portscan alert that traces back to Societe Internationale de Telecommunications Aeronautiques in Geneva (IP 57.62.62.66).

Are they hackers and virii mongers?

Here's their website. http://www.sita.com/default.htm

Mark

[Edited 2006-01-01 03:15:01]
Red tail...Red tail...Red tail...Red tail...Red tail...Red tail...Red tail...Red tail...Damned MSP...Red tail...Red tail
 
Klaus
Posts: 20622
Joined: Wed Jul 11, 2001 7:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Sun Jan 01, 2006 11:43 am

Quite possible that they've got one of their computers capered by a trojan or a bot which is now searching for other (Windows) machines to infect. It is not very likely that the organisation is actually condoning that. One could hope they know that they've got an infected system within their network...
 
eilennaei
Posts: 1003
Joined: Tue Nov 23, 2004 8:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 12:26 am

Quoting Klaus (Reply 1):
One could hope they know that they've got an infected system within their network...

This system is used by some Finnish ISPs. Quite a few people I know have been receiving notices though it. The feature you want here is "Dark address space monitoring".
http://www.f-secure.fi/products/fsnc/
 
Cruiser
Posts: 920
Joined: Fri Apr 15, 2005 2:08 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 1:06 am

Are you working at an airport? If not, then maybe PM me.

James
Leahy on Per Seat Costs: "Have you seen the B-2 fly-by at almost US$1bn a copy? It has only 2 seats!"
 
Klaus
Posts: 20622
Joined: Wed Jul 11, 2001 7:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 1:17 am

Quoting Eilennaei (Reply 2):
This system is used by some Finnish ISPs. Quite a few people I know have been receiving notices though it. The feature you want here is "Dark address space monitoring".

I'm not that deeply involved in the infrastructure aspects of the net, but the system you've mentioned appears to detect and block suspicious activities, not create it.

Maybe there are security systems actively scanning for known ports used by trojans or other malware within their own domain or subnet, but normally all portscans coming from the depths of the net should be considered malicious.
 
eilennaei
Posts: 1003
Joined: Tue Nov 23, 2004 8:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 1:26 am

That's correct Klaus, and the logic is that if the monitor sees constant scans to a strange IP address space from a customer, the client system is likely to be infected. The customer will be automatically informed and the account blocked meanwhile. The block will then be automatically lifted when the threat has been removed.

Edit: ... and about the original issue: it's a fair chance the offending traffic comes from a hijacked home computer to make the tracing of the real originator more difficult.

[Edited 2006-01-01 17:43:36]
 
Klaus
Posts: 20622
Joined: Wed Jul 11, 2001 7:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 1:43 am

Okay, but then that system would indeed not be involved in the scan - it would only notify the originator of the scan, wouldn't it?
 
Klaus
Posts: 20622
Joined: Wed Jul 11, 2001 7:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 1:57 am

Quoting Eilennaei (Reply 5):
Edit: ... and about the original issue: it's a fair chance the offending traffic comes from a hijacked home computer to make the tracing of the real originator more difficult.

That was my original point...!
 
eilennaei
Posts: 1003
Joined: Tue Nov 23, 2004 8:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 2:42 am

Quoting Klaus (Reply 6):
Okay, but then that system would indeed not be involved in the scan - it would only notify the originator of the scan, wouldn't it?

To detect the real culprit would be nearly impossible, the infection might have come though a chain of mass mailing machines, and once the Trojan has been placed, very little traffic (typically other worms will be uploaded on top) will be visible towards the infected system from the offender.

[Edited 2006-01-01 19:12:39]
 
Klaus
Posts: 20622
Joined: Wed Jul 11, 2001 7:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 2:53 am

I know - thus only the direct originator (identifiable by IP) would be addressable, not the original source. Cutting off one "leaf" from the bot net would be the most that could be done that way.
 
eilennaei
Posts: 1003
Joined: Tue Nov 23, 2004 8:41 am

RE: Why Does S.I.T.A. Portscan My Computer?

Mon Jan 02, 2006 3:13 am

Quoting Klaus (Reply 9):
Cutting off one "leaf" from the bot net would be the most that could be done that way.

Indeed. Were it otherwise, the net virus problem would not exist!

Who is online

Users browsing this forum: ContentCreator, mmo, SOBHI51 and 3 guests