aloges
Posts: 14842
Joined: Tue Jan 17, 2006 3:38 am

Port Scans - What To Do?

Sun Jan 28, 2007 9:47 pm

My firewall has reported a total of nine port scans from one single IP in the last 13:30 hours. I've traced that IP and found this address in the whois info: "abuse@bezeqint.net". Bezeqint is from Israel as per that info and the IP belongs to an ADSL customer connection... should I write them and complain if this continues or should I just forget about the scans and move on?

I have to say I was happier with the DSL router at my old place, that one had a built-in firewall unlike my cable modem at the new place.

edited for spelling

[Edited 2007-01-28 13:48:14]
Don't cry because it's over, smile because it happened.
 
kaddyuk
Posts: 3697
Joined: Thu Nov 08, 2001 1:04 am

RE: Port Scans - What To Do?

Sun Jan 28, 2007 10:11 pm

Quoting Aloges (Thread starter):
should I just forget about the scans and move on?

If they're being stopped, what are you complaining at?
Whoever said "laughter is the best medicine" never had Gonorrhea
 
gkirk
Posts: 23346
Joined: Thu Jun 15, 2000 3:29 am

RE: Port Scans - What To Do?

Sun Jan 28, 2007 10:16 pm

Try a starboard scan?  duck 
When you hear the noise of the Tartan Army Boys, we'll be coming down the road!
 
aloges
Posts: 14842
Joined: Tue Jan 17, 2006 3:38 am

RE: Port Scans - What To Do?

Sun Jan 28, 2007 10:16 pm

Quoting Kaddyuk (Reply 1):
If they're being stopped, what are you complaining at?

That I haven't an idea how effectively they are stopped. And the fact that someone is either maliciously snooping on me or running a machine with some sort of parasite on it.

Quoting Gkirk (Reply 2):
Try a starboard scan?

You're stupid!  box 

[Edited 2007-01-28 14:17:46]
Don't cry because it's over, smile because it happened.
 
ZakHH
Posts: 1570
Joined: Fri Jul 08, 2005 11:32 pm

RE: Port Scans - What To Do?

Sun Jan 28, 2007 10:41 pm

Quoting Aloges (Thread starter):
Port Scans - What To Do?

Don't catch a Trojan. Then you don't have to worry. As long as all doors are locked, let them scan as much as they want.

Nowadays, reporting port scanners to their providers is like a fight against windmills.

If you want, you can set up a honeypot, protocol the intrusion attempts and script-report them to the respective providers. But I doubt it will make a big difference.

Or you can install a firewall router behind your cable modem, then they won't even get through to your PC.

I for myself decided to shut off the portscan reports with my firewall. I find the constant popups quite annoying - seems some firewalls feel a great need to justify their existence.
Tired of a.net? Join a friendly aviation community!
 
TedTAce
Posts: 9098
Joined: Sun Mar 27, 2005 12:31 am

RE: Port Scans - What To Do?

Sun Jan 28, 2007 11:00 pm

Quoting Aloges (Thread starter):
should I write them and complain if this continues

 yes 

Quoting Gkirk (Reply 2):
Try a starboard scan?

Aren't you late for your sheep call?

Quoting ZakHH (Reply 4):
honeypot

 yes 

Quoting ZakHH (Reply 4):
seems some firewalls feel a great need to justify their existence.

Well, let's see, you paid $x for the equipment, you ought to have the option to know it is working right? I agree about being able to choose the reporting, but I would just create another .pst and filter those e-mails to that file.
This space intentionally left blank

Who is online

Users browsing this forum: ltbewr, PacificBeach88 and 6 guests