Getting a lot of port scans

Hello, I am getting scanned at least twice a day, sometimes up to 7 or

8 times. Is this normal?

Does it mean I have some software that is advertising my presence? If so how do I identify it?

Should I be worried?

I have windows XP firewall switched on and Sygate running too. Is that overkill?

Can I stop them? Can I prosecute them? can I find them and get them beaten up?

Mia

Reply to
Mia
Loading thread data ...

put a NAT "firewall" router with SPI between your machine and the modem and set it to not respond to outside requests.

Mia wrote:

Reply to
degrub

Hmm... what is your phone number? :) LOL!

-Frank

Reply to
Frankster

Yes.

No.

If you don't have open ports towards the Internet: no. Check with a portscanner from the outside.

Yes. Remove Sygate.

No.

No.

Since you had to ask: no.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Yes.

No.

If you're not offering network services or at least have a packet filter, then no.

Yes. Remove Sygate.

No.

Usually: no. Scanning itself is nothing evil, though.

Yours, VB.

Reply to
Volker Birk

It wouldn't be for me. Just the other day I connected my laptop directly to the DSL modem rather than running it through the router, to check the software firewall before traveling. The firewall was logging a port scan about every five seconds.

No. My firewall had my machine in "stealth" mode, so the scanners didn't even know there was a machine at that IP address. You're just seeing a small part of the stuff everybody gets.

Yes. You should make sure such scans are unsuccessful. I use the "Shields Up" tests at

formatting link
I'm sure the more sophisticated folks on this newsgroup can suggest other tests.

I think most people would recommend shutting down the XP firewall, since the two can interfere with each other. But again I'll defer to the experts here.

No, no, and no. The Internet is like the old West. There's no law, so you've gotta carry your own sixgun. And know how to use it.

Reply to
zzy

Bullshit. If there really was no machine at that address, the last router *before* your machine would have responded with a "host- unreachable" or "network-unreachable" ICMP message. There is no such thing like "stealth" in IP.

The more sophisticated folks especially suggest

formatting link

Probably. And they'd be wrong.

Bullshit. Of course the Internet is *not* a lawless place. However, there's no law to prohibit portscans.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

That web site contains a lot of material objecting to Gibson and his site, but I don't see anything a relatively naive user (which describes the vast majority of Internet users) can do to test his firewall against port scans.

Do you have anything constructive to offer?

Reply to
zzy

For a reason.

You can't test a firewall against portscans. That just makes no sense. You can use a portscanner to determine whether some host has open ports.

Actually that's very constructive, because Gibson's interpretation of portscanning results is misleading, to say the least. GRC isn't a source anyone should use.

As for online-portscanners: there's this really great website where you can find just about everything:

formatting link
cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

  1. Joe Average doesn't need a firewall. Just disable binding of unneeded service to network interfaces, there are numerous scripts out there and heck, even Ahab Gibson has got his BUZZWORDbubbler^WDCOMbobulator.
  2. Joe Average doesn't know how to properly use a firewall, so it doesn't offer any security.
  3. Personal firewalls are no firewalls. They're host-based packet filters, in a pretty lousy implementation, plus a lot of pseudo-security bullshit.
  4. There's neither a need nor a way to stop port scans.

Do you? Hint: GRC and derived wrong knowledge isn't constructive either.

Reply to
Sebastian Gottschalk

Won't help you finding a really good one. :-)

Reply to
Sebastian Gottschalk

Wow. I've obviously come to the wrong place to learn about firewalls or get constructive advice about making my system more secure against random scans. Sorry for bothering you folks.

"Joe Average"

Reply to
zzy

With except of not letting your system be vulnerable, which should be a general goal apart from random port scans, what exactly do you thinkg you could do?

Reply to
Sebastian Gottschalk

You've come to the right place, you just seem to be reluctant to learn.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.