Being port scanned, advice

CyraKrin

Senior member
Dec 25, 2003
523
2
0
I don't know the rules of the forums too well, but this one guy (firewall picked up his machine as <LEAFROOM>) portscanned me 133 times in the course of a few hours. I know it's illegal, but I'm no saint either so I don't know what I can do to get him to stop.. I don't want to hassle abuse@shaw.ca and drag my IP and history into it.. can anyone offer a suggestion of how to get in contact with someone based on their IP?
 

DaiShan

Diamond Member
Jul 5, 2001
9,617
1
0
Don't bother, the ISP isn't going to intervene on your behalf. You pay what, $40 a month? They don't care; just lock down your firewall, make sure you are secure, and don't worry about it. In the same vein, I gave a friend of mine BlackICE when we moved into the dorms b/c he didn't have a good firewall, then I had to put up with the idiot CALLING me at all hours of the day and night saying he got a scan or something came up in his firewall logs, what should he do. Then I told him about VisualRoute and he started calling ISPs about scans. They eventually stopped answering his calls/emails (literally he would place hundreds of calls/emails in a month) and I stopped answering the phone when his caller ID popped up. Don't be that guy.
 

mobobuff

Lifer
Apr 5, 2004
11,099
1
81
tracert ip.ip.ip.ip

Atomic missile trajectory with returned results


At least that's what Bush would do.
 

midnightrat

Senior member
Sep 6, 2000
995
0
0
Or you could turn off your system, that always works too, or just reboot your router to get a new IP address if you have PPPoE. If you have a static address, well, then I hope your system is secure.
 

jagec

Lifer
Apr 30, 2004
24,442
6
81
Go to command prompt and type format c:

That will disconnect him and steal his gf!
 

rudeguy

Lifer
Dec 27, 2001
47,351
14
61
Originally posted by: jagec
Go to command prompt and type format c:

That will disconnect him and steal his gf!

thanks for your wonderful input. Now could you please go chop your arms, head and genitalia off?
 

Descartes

Lifer
Oct 10, 1999
13,968
2
0
I can almost absolutely guarantee you that he did not scan you 133 times. That's just absurd. No one is going to scan the same machine 133 times. If he's operating manually, then it should be obviously absurd. If he's operating automatically, then it's even more absurd; any software automatically scanning a network will only scan each host once.

I tire of these software firewalls that prematurely report wanton behavior. He's most likely using some software that is simply scanning the network looking for hosts. Such software often scans multiple times continually looking for hosts. If I had about 2 minutes and access to your network I could tell you precisely what was being done, but instead we'll have to settle for deductive reasoning: No one is nefariously scanning your machine.
 

silverpig

Lifer
Jul 29, 2001
27,703
12
81
c:> hack <ip.ip.ip.ip>

You'll get all his passwords and control of his computer. Windows is good at hacking.

Sez me.
 
Jan 31, 2002
40,819
2
0
Originally posted by: Descartes
I can almost absolutely guarantee you that he did not scan you 133 times. That's just absurd. No one is going to scan the same machine 133 times. If he's operating manually, then it should be obviously absurd. If he's operating automatically, then it's even more absurd; any software automatically scanning a network will only scan each host once.

I tire of these software firewalls that prematurely report wanton behavior. He's most likely using some software that is simply scanning the network looking for hosts. Such software often scans multiple times continually looking for hosts. If I had about 2 minutes and access to your network I could tell you precisely what was being done, but instead we'll have to settle for deductive reasoning: No one is nefariously scanning your machine.

I'll go right ahead and disagree. I discarded the logs long ago, but I had some wanker from a Swedish university scanning every single port on my external IP from 21 on up. So yes, there are people stupid enough to do it. :p :D

- M4H
 

NikPreviousAcct

No Lifer
Aug 15, 2000
52,763
1
0
Originally posted by: MercenaryForHire
Originally posted by: Descartes
I can almost absolutely guarantee you that he did not scan you 133 times. That's just absurd. No one is going to scan the same machine 133 times. If he's operating manually, then it should be obviously absurd. If he's operating automatically, then it's even more absurd; any software automatically scanning a network will only scan each host once.

I tire of these software firewalls that prematurely report wanton behavior. He's most likely using some software that is simply scanning the network looking for hosts. Such software often scans multiple times continually looking for hosts. If I had about 2 minutes and access to your network I could tell you precisely what was being done, but instead we'll have to settle for deductive reasoning: No one is nefariously scanning your machine.

I'll go right ahead and disagree. I discarded the logs long ago, but I had some wanker from a Swedish university scanning every single port on my external IP from 21 on up. So yes, there are people stupid enough to do it. :p :D

- M4H

What's wrong with scanning every port from 21 on up, as long as it's only done once?
 

silverpig

Lifer
Jul 29, 2001
27,703
12
81
Originally posted by: Descartes
I can almost absolutely guarantee you that he did not scan you 133 times. That's just absurd. No one is going to scan the same machine 133 times. If he's operating manually, then it should be obviously absurd. If he's operating automatically, then it's even more absurd; any software automatically scanning a network will only scan each host once.

I tire of these software firewalls that prematurely report wanton behavior. He's most likely using some software that is simply scanning the network looking for hosts. Such software often scans multiple times continually looking for hosts. If I had about 2 minutes and access to your network I could tell you precisely what was being done, but instead we'll have to settle for deductive reasoning: No one is nefariously scanning your machine.

Firewall companies are a part of the fear conspiracy!!! 133 port scans... terrorists are trying to hack your computer so they can use it to make a nuke and blow up the world!!! See that firewall alarm flashing mauve? Yeah, that's a MAUVE alert people! MAUVE!!!

:D

</crack>
 

Descartes

Lifer
Oct 10, 1999
13,968
2
0
Originally posted by: Nik
Originally posted by: MercenaryForHire
Originally posted by: Descartes
I can almost absolutely guarantee you that he did not scan you 133 times. That's just absurd. No one is going to scan the same machine 133 times. If he's operating manually, then it should be obviously absurd. If he's operating automatically, then it's even more absurd; any software automatically scanning a network will only scan each host once.

I tire of these software firewalls that prematurely report wanton behavior. He's most likely using some software that is simply scanning the network looking for hosts. Such software often scans multiple times continually looking for hosts. If I had about 2 minutes and access to your network I could tell you precisely what was being done, but instead we'll have to settle for deductive reasoning: No one is nefariously scanning your machine.

I'll go right ahead and disagree. I discarded the logs long ago, but I had some wanker from a Swedish university scanning every single port on my external IP from 21 on up. So yes, there are people stupid enough to do it. :p :D

- M4H

What's wrong with scanning every port from 21 on up, as long as it's only done once?

Absolutely nothing whatsoever. It's commonly done, and it's most often not insidious in nature. Many programs do this automatically behind-the-scenes, and they'll read the text banners of the servers after connecting.

It's really harmless. The proliferation of these "viruses" and software firewalls that sell more by fear than reason are largely to blame, imo.
 

Descartes

Lifer
Oct 10, 1999
13,968
2
0
Originally posted by: MercenaryForHire
Originally posted by: Descartes
I can almost absolutely guarantee you that he did not scan you 133 times. That's just absurd. No one is going to scan the same machine 133 times. If he's operating manually, then it should be obviously absurd. If he's operating automatically, then it's even more absurd; any software automatically scanning a network will only scan each host once.

I tire of these software firewalls that prematurely report wanton behavior. He's most likely using some software that is simply scanning the network looking for hosts. Such software often scans multiple times continually looking for hosts. If I had about 2 minutes and access to your network I could tell you precisely what was being done, but instead we'll have to settle for deductive reasoning: No one is nefariously scanning your machine.

I'll go right ahead and disagree. I discarded the logs long ago, but I had some wanker from a Swedish university scanning every single port on my external IP from 21 on up. So yes, there are people stupid enough to do it. :p :D

- M4H

It's not stupid at all. I was referring to him doing it 133 times. There is simply no one in the world who is going to scan the same host 133 times manually or automatically. I explained my reason for this in the post.

There are many legitimate reasons to scan a host, or even trying to connect to a random port. Fingerprinting firewalls and discerning available services might be a more deleterious purpose, but the legitimacy of the practice is more fruitful, imo.
 
Jan 31, 2002
40,819
2
0
Originally posted by: Descartes
Originally posted by: Nik
Originally posted by: MercenaryForHire
Originally posted by: Descartes
I can almost absolutely guarantee you that he did not scan you 133 times. That's just absurd. No one is going to scan the same machine 133 times. If he's operating manually, then it should be obviously absurd. If he's operating automatically, then it's even more absurd; any software automatically scanning a network will only scan each host once.

I tire of these software firewalls that prematurely report wanton behavior. He's most likely using some software that is simply scanning the network looking for hosts. Such software often scans multiple times continually looking for hosts. If I had about 2 minutes and access to your network I could tell you precisely what was being done, but instead we'll have to settle for deductive reasoning: No one is nefariously scanning your machine.

I'll go right ahead and disagree. I discarded the logs long ago, but I had some wanker from a Swedish university scanning every single port on my external IP from 21 on up. So yes, there are people stupid enough to do it. :p :D

- M4H

What's wrong with scanning every port from 21 on up, as long as it's only done once?

Absolutely nothing whatsoever. It's commonly done, and it's most often not insidious in nature. Many programs do this automatically behind-the-scenes, and they'll read the text banners of the servers after connecting.

It's really harmless. The proliferation of these "viruses" and software firewalls that sell more by fear than reason are largely to blame, imo.

Yeah, but this guy was trying to FTP in. I think he mistyped a number in his search for the "Le3t Ju@r3z Du|\/|P" and just got frustrated. Not like it took me long to type up the one-line "deny all from source a.b.c.d" rule :p

- M4H
 

hevnsnt

Lifer
Mar 18, 2000
10,868
1
0
my guess is his firewall reported 133 port scans because the guy hit 133 different ports..

that my friend = 1 port scan
 

Descartes

Lifer
Oct 10, 1999
13,968
2
0
Originally posted by: hevnsnt
my guess is his firewall reported 133 port scans because the guy hit 133 different ports..

that my friend = 1 port scan

Eh, I doubt it. I'm pretty sure that most intrusion detection profiles work by monitoring the frequency of TCP SYNs from the same source address or network. By your indication it would seem that any connection attempt, failed or otherwise, would be a port "scan." By definition a scan is >= 1 port, and if it's not within a specified frequency it's not a scan; rather, it's an attempt to connect to another port. It's also worth noting that some intrusion detection profiles will throw a scan alarm if there's a TCP SYN and no SYN-ACK, but even then they often delay until another SYN is received.

Also, 133 is too weird of a number. If someone is port scanning, it's going to be something like 1 through 1023, or 1023 through a higher range, etc. Most will stay away from the ephemeral ports, but 133 simply isn't congruous with any reasonable profile of someone looking for legitimate services.

With that said, it really depends on the system.
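
An added example, not part of any post in this thread: the two readings debated above (one alert per blocked port versus a frequency profile on SYNs from the same source) applied to the same firewall log, so the difference in what gets counted is visible. The log format, the 60-second gap, the 5-port minimum and the documentation-range addresses are all assumptions constructed for this illustration, not the behaviour of any particular firewall product.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GAP = timedelta(seconds=60)  # assumed: SYNs closer together than this belong to one burst
MIN_PORTS = 5                # assumed: distinct ports in a burst before it counts as a scan

def parse(line):
    """Parse a constructed line: '<ISO time> DROP TCP SYN src=<ip> dport=<port>'."""
    ts, _action, _proto, _flag, src, dport = line.split()
    return datetime.fromisoformat(ts), src.split("=", 1)[1], int(dport.split("=", 1)[1])

def scan_events(lines, gap=GAP, min_ports=MIN_PORTS):
    """Return (src, start, syn_count, distinct_ports) for each burst that qualifies as a scan."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, port = parse(line)
        by_src[src].append((ts, port))
    events = []
    for src, hits in by_src.items():
        hits.sort()
        bursts, current = [], [hits[0]]
        for hit in hits[1:]:
            if hit[0] - current[-1][0] <= gap:   # same burst: arrived within the gap
                current.append(hit)
            else:                                # quiet period: close the burst
                bursts.append(current)
                current = [hit]
        bursts.append(current)
        for burst in bursts:
            ports = {port for _, port in burst}
            if len(ports) >= min_ports:          # isolated retries to one port are not a scan
                events.append((src, burst[0][0], len(burst), len(ports)))
    return events

def sample_log():
    """Constructed log: one source sweeps 133 ports from 21 up; another retries port 21."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    sweep = [f"{(t0 + timedelta(milliseconds=50 * i)).isoformat()} "
             f"DROP TCP SYN src=192.0.2.10 dport={21 + i}" for i in range(133)]
    retry = [f"{(t0 + timedelta(minutes=10 * i)).isoformat()} "
             f"DROP TCP SYN src=198.51.100.7 dport=21" for i in range(3)]
    return sweep + retry

if __name__ == "__main__":
    log = sample_log()
    print(f"{len(log)} dropped SYNs logged (what a per-port alert counter would report)")
    for src, start, syns, ports in scan_events(log):
        print(f"1 scan from {src} starting {start}: {syns} SYNs, {ports} distinct ports")
```

Counting log lines gives 136 "events" here, while the burst grouping reports a single scan and ignores the spaced-out retries against port 21.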