  1. #1
    Star Lounger

    Port scans over past two days

    During October 9 through October 11, noticing my system was sometimes unresponsive for seconds at a time, I began to look for other symptoms than a simple over-fragmented hard drive.

    On checking the firewall log, I discovered port scans coming from two or three IPs during the last 48 hours.

    The IPs are 209.18.47.61 and either 204.86.118.19 (or 20,21) or 66.35.58.75 (or 76-77).

    The IP 209.18.47.61 is associated with domain "belfalest.com" and registered with Tierranet Inc.
    The IPs 2014.86.118.19 (20-21) and 66.35.58.75 (76-77) are registered with Dreamhost, LLC with no domain owner visible.

    Although I am reluctant to raise what is likely to be a false alarm, port scans are hostile behavior and this series of scans is associated with simultaneously depressed system performance.

    Any suggestions about what post-scan checks I should put into place before resuming normal operations?

  2. #2
    5 Star Lounger
    Are the scans on your PC or router/modem?
    Graham Smith
    DataSmith, Delaware
    "For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)

  3. #3
    WS Lounge VIP
    Port scans occur all the time; it's DDoS attacks that you need to worry about - or not, depending on how paranoid you are feeling.

    cheers, Paul

  4. #4
    Star Lounger
    Quote, originally posted by gsmith-plm:
    "Are the scans on your PC or router/modem?"
    The scans were read from my computer firewall log, and the interruptions were experienced on the machine itself.

  5. #5
    WS Lounge VIP
    Where were the scans coming from, an internal or external address?
    If it's internal, you probably have malware on a machine; if it's external, your router is not configured correctly - it needs to block all incoming.

    cheers, Paul
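
The internal-versus-external check asked about in post #5, as an added example that is not part of the original thread: it counts distinct blocked destination ports per source address in a firewall log and labels each scanning source. It assumes the Windows Firewall `pfirewall.log` field order, a hypothetical threshold of 10 ports, and constructed sample lines using documentation and private addresses rather than the IPs reported above.

```python
import ipaddress
from collections import defaultdict

PORT_THRESHOLD = 10  # assumption: distinct blocked ports before a source counts as a scan
# RFC 1918, loopback and link-local ranges are treated as "internal".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample log (not taken from the thread).
TAIL = "60 S 0 0 8192 - - - RECEIVE"
SAMPLE_LOG = ["#Version: 1.5",
              "#Fields: date time action protocol src-ip dst-ip src-port dst-port size"]
SAMPLE_LOG += [f"2020-01-01 09:15:{i:02d} DROP TCP 203.0.113.7 192.168.1.20 40000 {20 + i} {TAIL}"
               for i in range(25)]   # external source sweeping 25 ports
SAMPLE_LOG += [f"2020-01-01 09:16:{i:02d} DROP TCP 192.168.1.44 192.168.1.20 51000 {130 + i} {TAIL}"
               for i in range(12)]   # LAN host sweeping 12 ports
SAMPLE_LOG += [
    f"2020-01-01 09:20:00 DROP TCP 198.51.100.9 192.168.1.20 44321 445 {TAIL}",  # single probe
    "2020-01-01 09:20:05 ALLOW TCP 192.168.1.20 198.51.100.80 50123 443 0 - 0 0 0 - - - SEND",
    "2020-01-01 09:20:09 DROP ICMP 198.51.100.9 192.168.1.20 - - 60 - - - - 8 0 - RECEIVE",
]

def parse_line(line):
    """Return (action, src_ip, dst_port), or None for headers, blanks and port-less rows."""
    if not line.strip() or line.startswith("#"):
        return None
    f = line.split()
    if len(f) < 8 or not f[7].isdigit():   # ICMP rows carry "-" in the port column
        return None
    try:
        return f[2], ipaddress.ip_address(f[4]), int(f[7])
    except ValueError:                      # malformed source address
        return None

def find_scanners(lines, threshold=PORT_THRESHOLD):
    """Map each scanning source to ("internal" | "external", distinct blocked ports)."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[0] == "DROP":
            ports[rec[1]].add(rec[2])
    return {str(src): ("internal" if any(src in n for n in INTERNAL_NETS) else "external",
                       len(seen))
            for src, seen in ports.items() if len(seen) >= threshold}

if __name__ == "__main__":
    for src, (origin, count) in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {origin}, {count} distinct blocked ports")
```

An "external" result on a host firewall means the probes reached the PC itself, which is the router question raised in post #5; an "internal" result points at another machine on the LAN.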

  6. #6
    5 Star Lounger
    Quote, originally posted by Paul T:
    "If it's internal, you probably have malware on a machine; if it's external, your router is not configured correctly - it needs to block all incoming."
    It's appalling how badly configured a lot of routers are. Telco and Cable modems are some of the worst and frequently cannot be configured at all.
    Graham Smith
    DataSmith, Delaware
    "For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)
