Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ESET Smart Security detected a port scan, should I be worried?


  • Please log in to reply
2 replies to this topic

#1 haaithere

haaithere

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 01 November 2017 - 04:26 PM

Hello.

 

I was just browsing the web, when all of a sudden ESET Smart Security lets me know, a port scan is being performed. That's how it looked like:

KB2951FIG0-0.png

 

 

And from the ESET's logs I can see the IP address which supposedly tried to scan me:

3psxkoP.png

 

Looking up the IP "218.254.78.28" from a website "ip-lookup.net", the IP is associated with South Korea, while I am in Northern Europe:

lT157yt.png

 

A little background information too: I'm using a USB 4G LTE modem and there's no one else on the network besides my laptop.

Why on Earth someone from South Korea would want to scan my ports? Is it something I should be worried about? If it happened just once, should I just forget it and move on?

 

 

I've already performed a scan with Adwcleaner and about to perform a scan with MBAM. Maybe I'm just overreacting and it's nothing, but I don't really know a lot about this stuff, so... Would really appreciate your suggestions on the next steps.

 

update: Same message appeared again some 10 minutes ago from the same IP. I switched to a mobile hotspot to see if that makes a difference.


Edited by haaithere, 01 November 2017 - 04:54 PM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:33 PM

Posted 01 November 2017 - 05:06 PM

I use ESET Internet Security...if I saw a message like that, I would not be concerned at all...since the application (ESET) is doing exactly what it is supposed to do...and, IMO, in the course of a single day/moment/etc...such items will occur for anyone using the Internet.

 

I would think such a problem only if ESET did NOT or could not block it.

 

Some persons like to see intricate details from firewalls and other protective apps...I am not one who is interested in the detail.  I just want to know that the apps installed for defensive purposes...are doing what they are supposed to do.

 

But I don't normally post in this forum and malware expert of any sort...I am not.  But I am a computer user with familiarity with what you describe.

 

Louis



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,889 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:33 PM

Posted 02 November 2017 - 09:08 PM

"Network threat blocked" TCP Port Scanning attack / "Detected Port Scanning Attack" notification

...these notifications indicate that your ESET product has detected and blocked an intrusion attemptthey do not indicate an infection. Your ESET product will continue to block these attacks even after the notifications are disabled.

It is not unusual for firewalls, IP blocking software (i.e. PeerBlock) and some anti-virus programs to provide numerous alerts regarding probing and intrustion attempts to access your computer. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Your security software is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. For more information about Port Scanning, please refer to Port Scanning Basic Techniques.

However, not all unrequested traffic is malevolent. Some legitimate programs on your computer have access to the Internet and that action can also trigger an alert but your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. Even your ISP will send out regular checks to see if your computer is still there, so you may need to investigate an attempted intrusion. If your computer is sending out large amounts of data, that can indicate that your system may have a Trojan. Usually when a computer is infected with malware there most likely will be other obvious indications (signs of infection and malware symptoms) that something is wrong.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users