Port Scanning

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
I'm on Telewest Blueyonder Broadband in the UK and reaquainted myself
with ZoneAlarm recently.  Every ten seconds I was notified of some
port intrusion, some from Blueyonder IP's, some not. Telewest informs
me that their servers will port scan clients. Does this seem
reasonable? Most of the other port intrusions I presume are from
virus-hijacked computers?

Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
computer, I'd like to replace it with a much more reliable means of
security--a router. Does anyone have any opinions as to why a hardware
firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
idea than software firewall?

I know ZoneAlarm isn't the end all and be all of firewalls. I like
Norton's antivirus, maybe their Internet Security combo is decent?
Though ...it's still cheaper to buy the router!

Thanks for your opinions in advance.

Evan Joanette

Re: Port Scanning

Quoted text here. Click to load it

First of all, be aware the a lot of operations that seem like intrusions/pot
scans are actually fully legal requests that are considered intruison
because of some minor modifications in timeouts of all kinds, or the number
of requests per minute and so on. Some IDS tools be default will alarm you
of intrusion detection which will be some legal NetBIOS request , for
example. (TCP ports 135, 138 & 139)

Re: Port Scanning
On your question about hardware firewalls; I use a Linksys router and find
it very reliable. The only problem is it doesn't monitor / alert on outgoing
traffic, so you don't get warned of spyware, etc that might phone home. I am
looking to have the best of both worlds by having both router and software
firewall. So far I've looked at Zonealarm (but this can't be configured to
block outgoing traffic by ip address to block known ad servers) and Kerio
(which is very configurable in what it can block, but unfortuantely also
regularly crashed my computer).
On your first point, I'm not sure I like the sound of a provider port
scanning my system - but as you've probably gathered from my above comments
I'm slightly paranoid!

Hope these thoughts are helpful...

Quoted text here. Click to load it

Re: Port Scanning
As a rule all anti-virus, spyware and firewall protection systems need to be
installed on a clean system.  Most of the problems that I have had to solve
were those on systems of up time more than 60 days

Quoted text here. Click to load it

Re: Port Scanning
I use two routers, an alpha shield which is connected to a watchguard
firebox, and I use NIS on my system.  I too use broadband and every so often
my ISP servers scan, I'm given the option to allow or block, which I block.
When I checked with my ISP they say it's sop.

Quoted text here. Click to load it

Re: Port Scanning
A router AND firewall software... quite the combo.  There are some
things that the software does that I didn't realize the router didn't
always do.

Unfortunately, it sounds like there's a fair number of system crashes
blamed on firewall software, and now I've experienced it. But now that
I realize there are so many port intrusions on my machine, I need some

My last router was an SMC Barricade, but I really like the Linksys.
Doubt I'll change my mind on that.

Re: Port Scanning
I use D-Link router, and can block ports in there (block 135-139 btw)  and
Norton Firewall where you can chose incoming and outgoing.

Quoted text here. Click to load it

Site Timeline