Discussion in 'Windows Desktop Systems' started by sumojockey, Jul 17, 2002.
I have someone scanning the ports on my server regularly. WHat should I do?
Find out who they are. If they are up to no good get their plug pulled.
I ran WHOIS on the IP. It is an ATT range. I reported it to ATT. I still get hits on the firewall from the same IP. I thought maybe it was a proxy so I scanned it. Nothing. There is NO legitimate use for proxy scanning. Is there? I figure this person must be up to no good. If they know what they are doing they will eventually get around my firewall. So the question remains... What to do?
have you tried to control your ports [?] and play with some settings in firewall ..
Controlling my ports? I am not sure what you mean. There has been no penetration of the firewall. Only in examining the firewall log I see that a paricular IP has scanned every obvious port on my machine. Several times over.
Only thing you can do is send your logs to your ISP and his.
Mr. Hyde was hoping for something more diabolical but Dr. Jekyll says thanks to you all for you input. I've notified the ISP's.
dude calm down... 99999 out of 100000 ppl running a portscan are simple scriptkiddies that use win32 based progs
i get a portscan 20-30 times a day... thats simple normal... so if you have a firewall.... dont bother....
Someone gave a file ( trojan maybe ) and with that file can access your pc . What can you do now :
1) Scann your pc with an antivirus ( latest definitions )
2) A new fresh reinstall will be a problem ?
Get his ip and Send Massive 2MB + packests on his ars
Re: Best Thing
That usually only leads to more 'kiddie' games.
Your ISP also scans your ports to "see" if your still in compliance with your service contract. Well, that's what I have been told. Stick a router infront of em.
I beginning to think that the only thing they care about is if the bill is paid - and on time.!
Yes, in most cases thats true. Isp's receive reports everday about people doing portscans. I'm sure they let most of them slide by since they are usually harmless(but really annoying). If it persists over an extened period of time, then I'm sure an ISP will do something about it.
I don't know... I've seen many places that just stamp their reports and throw them in a file cabinet... Usually, the next guy hired throws them away.
ur isp or his wont even do anything unless he actually does somethign to u besides port scanning(At least i've never heard of em). There nothing illegal about it or nothing like that, just check what open ports you got and then make sure there's non outta the ordinary and then block his ip thru ur firewall.
When some1 is portscanning you.
try and get a Firewall like NIS NPF and stuff like dat, not tiny little firewall and BlackICE, cause they dont do Port Stealthing, NIS or NPF does.
what that means is that it will hide your ports from on-line hackers to scann ports.
what u can alos do is get your ISP to change your IP for you. if u have services like rogers or shaw, unplug your cable router totaly, and leave it unpluged for a few days, this will reset your IP and your ip will be new, therfore the hacker scanning your cant scan you for ports cause your IP has changed.
like i said, before, i have connections dunno about u, but when some1 irrearting like that does it to me, i packet them with 2mb + lines, they wont like that, they will be goin big time slow!!!!!!!
even if u have a firewall, the 2mb packeters will drop it cause the firewall is unable to handle so much information that big at 2mb packets a second
so how do we do this 2mb packeting
This is what i call making friends on-line, i have alot of friends on-line, who will do this for me, they usualy have T-1 connections. and i know them personally.
go on IRC and for ppl to packet you for them.
if u have a fast line, put up ZOMBIES on IRC, each zombie will attack that computer if u want it to
Kr0m: hey this is not kiddy gamez, this is called revenge. once you packet some1 turst me they wont want to do it again, cause they cant, ull hit em so hard that they cant do anything but change their IP.
hehheh, i need bb ....