
·
Shipwrecked & Comatose, drinking fresh mango juice
Joined
·
2,614 Posts
Discussion Starter · #1 ·
Imported post

My firewall was flagging up an intrusion today; my ports were being scanned by someone.

How can I tell who was scanning me?  All I have is an IP address: 80.225.212.145

I know it's not serious or the firewall would have done more but it just bugged me!

Andy
 

·
Registered
Joined
·
12,795 Posts
Imported post

Andy

Unless the IP is being spoofed, that IP is assigned to Tiscali. I used the IPWHOIS tool found here. Middle column.

Could be any script kiddie, could be worth reporting to [email protected] and see what they have to say.

I have been scanned many times, usually from the far east or USA, never seen one from the UK before. Could be worth trying the Shields up test to see if you may be vulnerable any other way.

Adrian
 

·
Registered
Joined
·
4,434 Posts
Imported post

I get 200-300 connection/trojan probes/scans per day bouncing off my firewall - I was logging them but the hard disc space was disappearing!

Provided you don't use Black Ice firewall you're ok at the moment.  It's best ignored.
 

·
Team Starburst
Joined
·
5,275 Posts
Imported post

I have received very few scans recently, which is a modest relief.
I have tried tracking things back - USA, Canada, Spain - and reported it to ntl, my ISP, but nothing came of it.
Keep the firewall up to date.
Keep an eye on your modem - if it is active when you are not expecting it to be you might have a visitor......:angry:
 

·
Shipwrecked & Comatose, drinking fresh mango juice
Joined
·
2,614 Posts
Discussion Starter · #6 ·
Imported post

Quote (Adrian Kelland @ Mar. 26 2004,23:28):
I have been scanned many times, usually from the far east or USA, never seen one from the UK before. Could be worth trying the Shields up test to see if you may be vulnerable any other way.

Thanks for this Adrian ....... seems I have quite a secure PC as far as shieldsup was concerned.  My ports can be scanned as much as they want, apparently my firewall was working OK and it simply blocks them with no response.
 

·
Registered
Joined
·
12,795 Posts
Imported post

Quote (Frogman @ Mar. 27 2004,11:59):
Now that you have the IP addy, you "could" ping em with nice neat 2meg packets which would disable their pc for a whiley!

Not that I'm vindictive or owt
Frogman

If the IP is dynamically assigned, this could be causing a problem for an innocent party, and it just adds to all the other garbage clogging up the net.

Adrian
 

·
Registered
Joined
·
5,271 Posts
Imported post

Soz to be a thickie. But could someone explain what this is all about!! People scanning your PC - all sounds very scary. What on earth would someone want to scan my PC for?

Yours (well scared)

Daza

PS I've got AVG - does that stop someone scanning me?
 

·
Banned
Joined
·
1,844 Posts
Imported post

While the 'pooter geeks are paying attention!
I installed Norton/Spybot S'n'D a couple of days ago. Immediately when I was trying to send/receive mail I had 250'ish mails. I managed to start receiving but when it got to 150'ish it just stopped. The mail I did receive is duplicates of what I've amassed over the past couple of months. Anyone know why it's frozen at this particular mail?
I ran Shieldsup earlier on today and it says my POP3 is open! Is this the problem and if so how do I deal with it?

Peter
 

·
GUE Instructor
Joined
·
9,260 Posts
Imported post

The correct response is to report it to Tiscali. Revenge of any kind is a daft idea for a couple of reasons. One, Tiscali assigns the IP address to dial up connections on connection, which means that if you go for that IP address, you will almost certainly be picking on some poor sod that got the same lease when they connected.

Secondly, if it is someone who happens to know what they are doing, you will just be advertising your presence.

Gareth
 

·
Registered
Joined
·
256 Posts
Imported post

Hi All, Esp Darren,
AVG is very good for a freebie anti virus, but have you got a firewall? That's the item that helps to prevent god knows who sneaking in your back door. Zonelabs make Zone Alarm, which is pretty good; it's not too hard to set up, and even your own stuff like IE or OE has to get permission to access the web the first time. EZ Trust do a free one as well, works well for me.

Get a F/wall, and before you turn it on go to the GRC website and get it to scan your pooter; you will be surprised at how many doors are open. Activate the F/wall and do it again. You can get your pooter to act like it's not there; it's in stealth mode. It works like radar: dodgy bods send out a signal that gets bounced back, and they then know a PC is there. With a firewall the signal goes almost straight through, so you cannot be seen.

Spybot is also useful; it searches out all the nasty little dialers and ads etc. that you find on your PC. Again you have to set it up, but it does work well, and gets the rubbish out of your registry as well if you tell it to. It has over 12000 items to search for in its database. Have a search, read the info and tutorials etc., take your time to understand the stuff and you should be OK.
Hope this is of help for you (all)

Cheers
Mark
 

·
Registered
Joined
·
256 Posts
Imported post

PS forgot to add,
Garf is correct, do not answer any spams or whatever; if you do they then know for sure you are there and that's your lot, it won't end, and will increase. One way to keep you out of trouble is to check what mails you have at your ISP via the net, delete the rubbish, then start your mail prog to download.

Mark
 

·
Registered
Joined
·
2,115 Posts
Imported post

Quote (peter k @ Mar. 28 2004,20:00):
While the 'pooter geeks are paying attention!
I installed Norton/Spybot S'n'D a couple of days ago. Immediately when I was trying to send/receive mail I had 250'ish mails. I managed to start receiving but when it got to 150'ish it just stopped. The mail I did receive is duplicates of what I've amassed over the past couple of months. Anyone know why it's frozen at this particular mail?
I ran Shieldsup earlier on today and it says my POP3 is open! Is this the problem and if so how do I deal with it?

Peter

Peter

Sounds like you have an email with a large attachment, and as you say your computer is rather old it could be timing out, losing the connection. If you can access your emails via the web and not Microsoft Outlook that may help you, or ring your ISP; they will be able to sort it for you.

Sean
 

·
Registered
Joined
·
2,343 Posts
Imported post

To put things in perspective a bit here, port scans are very common and are completely legal whereas flooding someone who has scanned you is not. Scanning does not indicate a hacking attack, some Internet surveys do it, and you are not at risk unless you are offering some kind of service on your machine.

If you are offering a service such as a POP3 server or a web server (pretty unlikely on a PC unless you are a geek) then a scan can be a first line of attack but, if you keep your systems patched, then you're almost certainly fine.

In other words, don't worry about it  
 

·
Registered
Joined
·
2,115 Posts
Imported post

Ah, but a port scan is the first start of a hack, it's the first thing I do just to see what's open and what services are running and where I could maybe drop something in..  But Nick is 100% standard home PC nothing to worry about..  just make sure that all your Windows updates are up to date..  If you get the IP address you could use smartwhois, trace route, there are a few other tools about...  The old ping of death won't work too well now unless you have a go at an old NT machine..

Sean  
 

·
Banned
Joined
·
1,844 Posts
Imported post

Cheers Sean! I've contacted NTL to see what they'll do.

Peter
 

·
Registered
Joined
·
3,914 Posts
Imported post

I use the freebie version of ZoneAlarm, works fine. Of course if you're using Windozzzze then your PC will always be vulnerable to a committed hacker, but unless it's got special data on it it's more likely to be just meddlesome "script kiddies".

Worth mentioning that if you're using XP or Win2K and are concerned about security, you shouldn't log onto the net with an Administrators account, as if someone hacks into your box they will then have Administrator privileges, whereas if you're logging on with a ltd account the damage should be minimal.
 

·
Registered
Joined
·
2,343 Posts
Imported post

Quote (Sean @ Mar. 29 2004,11:49):
Ah, but a port scan is the first start of a hack, it's the first thing I do just to see what's open and what services are running and where I could maybe drop something in

I agree but most serious hackers don't use something as obvious as a port scan these days and they also don't bother hacking PCs.

These are probably kiddies fishing for the chance of causing some mischief  
 

·
Registered
Joined
·
2,115 Posts
Imported post

Yep, and what a pain they can be..  Looks like we work in the same area Nick...  My best tool is my sacrificial lamb; it gets to the script kiddies when they think they're in my system, then you turn the tables and their machine starts to do strange things


Sean
 

·
Registered
Joined
·
5,271 Posts
Imported post

Blimey, I downloaded the Zone Alarm software and it's been in for 5 minutes and I've had 6 alarms already, varying from being pinged to having my ports scanned. And there I was in blissful ignorance thinking that hackers etc only targeted big business. Oops, there goes another one: "The firewall has blocked internet access to your computer (netbios name) from 200.203.246.133 (UDP Port 64671)" and another, 30 secs later: "The firewall has blocked internet access to your computer (ICMP Echo request (Ping) from 217.6.60.78"

Ahhhh help, I'm under attack!!  
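A triage sketch for alerts worded like the two quoted in the post above, added here as an example and not written by anyone in the thread: it groups blocked-connection alerts by source address and separates a multi-service scan from a lone probe or a ping. It assumes the first parenthesis names what was probed; the threshold of 5 and every sample line are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Alert shape quoted in the post: "... to your computer (<what was probed>)
# from <source IP> (...)". The closing ")" is optional because the quoted
# ICMP alert lacks it.
ALERT_RE = re.compile(r"to your computer \((.*?)\)? from (\d+(?:\.\d+){3})")
SCAN_THRESHOLD = 5  # assumed cut-off: distinct services probed by one source


def parse_alert(line):
    """Return (source_ip, probed_service), or None for an unusable line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = str(ipaddress.ip_address(m.group(2)))  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    # "ICMP Echo request (Ping" -> "icmp echo request"
    return src, m.group(1).split(" (")[0].strip().lower()


def summarise(lines):
    """Map each source IP to (verdict, number of distinct non-ICMP services)."""
    probed = defaultdict(set)
    for line in lines:
        parsed = parse_alert(line)
        if parsed:
            probed[parsed[0]].add(parsed[1])
    report = {}
    for src, services in probed.items():
        ports = {s for s in services if not s.startswith("icmp")}
        verdict = ("port scan" if len(ports) >= SCAN_THRESHOLD
                   else "isolated probe" if ports else "ping only")
        report[src] = (verdict, len(ports))
    return report


# Constructed sample alerts (documentation address ranges, not real hosts).
P = "The firewall has blocked internet access to your computer "
SAMPLE = [P + f"(TCP Port {n}) from 203.0.113.7 (TCP Port {40000 + n})"
          for n in (21, 23, 25, 80, 110, 139)]
SAMPLE += [P + "(netbios name) from 198.51.100.20 (UDP Port 64671)",
           P + "(netbios name) from 198.51.100.20 (UDP Port 64672)",
           P + "(ICMP Echo request (Ping) from 192.0.2.55",
           P + "(netbios name) from 999.1.1.1 (UDP Port 1025)"]

if __name__ == "__main__":
    for src, (verdict, count) in sorted(summarise(SAMPLE).items()):
        print(f"{src:15} {verdict:14} distinct services: {count}")
```

Keeping one line per source instead of one per alert also avoids the log growth mentioned earlier in the thread.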
 