Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Agnitum always reports port scan attack from same ip,...


  • Please log in to reply
4 replies to this topic

#1 DejanD

DejanD

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 30 October 2014 - 06:42 AM

Hello!

 

I am no expert but i would be happy If you can give me opinion on the matter,

 

I have win7, Eses antivirus and Agnitum firewall.

 

FIrewall is very often giving notice that I my computer is port scanned for following ip: 192.168.1.254

 

Then it usually blocks that adress,.. I had some short fragments attack notices, but mostly its port scanning.

 

I would like opinion, if this is some kind of attack or its normal or what.

 

Appreciate it and thanks.

 

 



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 AM

Posted 01 November 2014 - 03:20 PM

192.168.1.254 is a private IP address: it is a machine on your network, not on the Internet.

I guess your machine also has a 192.168.1.0/24 IP address?

If you don't know:

http://www.bleepingcomputer.com/forums/t/536252/how-to-tell-if-you-have-a-private-ip-address-or-a-public-ip-address/

 

Is it possible that 192.168.1.254 is your gateway address?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 DejanD

DejanD
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 02 November 2014 - 12:10 PM

Hi!

 

Thank you for reply!

 

I first checked in google for ip adress and it was different, but when I checked it in network center yes you are correct. Its my own gateway  adress.

 

I am still not sure what does that exactly mean. Do I have a virus? Or its something else.

Thank you.



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 AM

Posted 02 November 2014 - 01:30 PM

No, this is not an indication of a virus on your machine.

Agnitum generates false alarms for your gateway.

Edited by Didier Stevens, 02 November 2014 - 01:30 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Westnile

Westnile

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 06 December 2014 - 07:20 PM

DejanD,

 

Question how many devices or computers are in your network and are you running wireless internet or not?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users