
Port Scan


2 replies to this topic

#1 sl300

sl300

  • Members
  • 1 posts
  • OFFLINE
  • Local time:11:45 PM

Posted 20 December 2010 - 11:08 AM

Hi there, could anyone help me with a problem? I seem to be getting a lot of TCP or UDP-based Port Scans, 150 today so far, from source 156.154.70.22:53; I got this from the router log. The log states it's from target 82.6.90.248:60270. Is this normal? I'm running Windows 7 and have Comodo free Firewall installed.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,167 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:45 PM

Posted 22 December 2010 - 10:06 AM

You can investigate IP addresses and gather additional information at:
You can use various Network Traffic Monitoring Tools for troubleshooting and malware investigation:

Online Port Scan allows you to scan individual TCP ports to determine if the device is listening on that port.
Shields Up is an online port scanning service used to alert the users of any ports that have been opened through firewalls or NAT routers.

There are third party utilities that will allow you to manage, block, and view detailed listings of all TCP and UDP endpoints on your system, including local/remote addresses, state of TCP connections and the process that opened the port:

Caution: If you're going to start blocking ports, be careful which ones you block or you may lose Internet connectivity.

For a list of TCP/UDP ports and notes about them, please refer to:
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 1,140 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:45 AM

Posted 22 December 2010 - 10:30 AM

from Router log.


So if I understand correctly, you've a Windows 7 machine that is connected to a router/modem, which is connected to the Internet.
Your Windows 7 machine has a private IP address, and your router obtains a public IP address from your ISP (NAT setup).
The port scans you are seeing are on the public IP address of your router.

If my description of your setup is correct, then seeing a lot of port scans on your router is, unfortunately, normal (unless your ISP takes some measures to protect your router).
There is a lot of port scanning on the Internet, both by humans and by infected machines looking for new targets.

If your router is properly configured and is not vulnerable (e.g. because you applied the latest firmware), then you should not worry.
Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2014 Consumer Security