
Port Scans

MoonSword

Anyone have any idea as to what this might be about? Networking is my weakest area of computer expertise.

I was perusing my firewall logs (Sygate Personal Firewall) over the last few days, and I noticed something. I am being periodically port scanned by numerous computers from the subnet 24.x.x.x. The ports that get scanned are 80, 1025, 2745, 3127, and 6129. I know port 80 is for HTTP traffic. The other four, I'm not so sure about.

I've gone to GRC's Shields Up! website: https://www.grc.com/x/ne.dll?bh0bkyd2 and had those ports checked out, and every one was rated as "stealth", so I figure that I'm safe and need not worry.

Still, I don't know why these ports are scanned so often. My first thought was that maybe my ISP is scanning for servers that are against my use agreement. Not a problem. I don't run that stuff anyway. But I don't think all of the scans are coming from computers within my ISP's service. Backtrace and Whois checks from my firewall indicate the scans come from systems like ComCast Cable Communications, Shaw Communications, Charter Communications, Earthlink, among others. (Earthlink is not my ISP, BTW)

Then I thought maybe it's simply a bunch of hackers just poking around. I admit I know next to nothing about hacking, but it seems to me an odd assortment of ports to scan if a hacker wanted to find something open to mess with.

My last thought is maybe these computers that are scanning me are infected with a trojan, and it's the trojan trying to replicate itself? Maybe. That doesn't worry me. These ports are "stealth", and my antivirus protection is set to autoprotect and automatically updates every week.

I'm really not worried. I'm just interested to hear what people's ideas are on the matter. Maybe I'll learn something. 😉

Any Thoughts? Ideas? Comments? Thanks. :beer:

MoonSword
 
These types of scans are common. I typically ignore them.

As far as what they could be... Well, just about anything. I've seen some weird stuff because of software misconfigurations. There are plenty of floodnets running on random high ports. It's pretty easy to change the port that trojans run on.

That's my non-professional opinion. If you want the professional one, it'll cost you. And probably not be much more than what I put above, especially without sleep. I should stop rambling. There are other things I could do and I'm sure most normal people would have stopped reading at least a sentence or two ago. Oh well.
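An added example, not written by either poster: one way to check from a firewall log whether several unrelated sources probe the same fixed list of ports (here 80, 1025, 2745, 3127 and 6129, as in the first post), which is the pattern automated scanning leaves behind. The log layout, the sample lines and the function names are assumptions made for illustration, not Sygate Personal Firewall's actual export format.

```python
from collections import defaultdict

# Constructed sample. The "time action proto source dest_port" layout is an
# assumption for illustration, not Sygate Personal Firewall's export format.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2004-03-01T02:11:05 BLOCK TCP 192.0.2.10 80
2004-03-01T02:11:05 BLOCK TCP 192.0.2.10 1025
2004-03-01T02:11:06 BLOCK TCP 192.0.2.10 2745
2004-03-01T02:11:06 BLOCK TCP 192.0.2.10 3127
2004-03-01T02:11:07 BLOCK TCP 192.0.2.10 6129
2004-03-01T09:40:12 BLOCK TCP 203.0.113.44 80
2004-03-01T14:02:31 ALLOW TCP 198.51.100.7 80
2004-03-02T03:55:48 BLOCK TCP 198.51.100.7 6129
2004-03-02T03:55:48 BLOCK TCP 198.51.100.7 3127
2004-03-02T03:55:49 BLOCK TCP 198.51.100.7 2745
2004-03-02T03:55:49 BLOCK TCP 198.51.100.7 1025
2004-03-02T03:55:50 BLOCK TCP 198.51.100.7 80
truncated line
"""

def blocked_probes(log_text):
    """Yield (source, port) for each well-formed blocked TCP line."""
    for line in log_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[1] == "BLOCK" and f[2] == "TCP" and f[4].isdigit():
            yield f[3], int(f[4])

def ports_by_source(log_text):
    """Map each source address to the set of ports it probed."""
    seen = defaultdict(set)
    for src, port in blocked_probes(log_text):
        seen[src].add(port)
    return dict(seen)

def shared_port_sets(log_text, min_sources=2, min_ports=3):
    """Port sets of min_ports+ ports probed identically by min_sources+ sources."""
    groups = defaultdict(list)
    for src, ports in ports_by_source(log_text).items():
        if len(ports) >= min_ports:
            groups[frozenset(ports)].append(src)
    return {p: sorted(s) for p, s in groups.items() if len(s) >= min_sources}

if __name__ == "__main__":
    for ports, sources in shared_port_sets(SAMPLE_LOG).items():
        print(sorted(ports), "probed by", sources)
```

A source that only touches port 80 falls below `min_ports` and is left out, so the report lists only the repeated multi-port pattern.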
 