Frequnt port scan attacks

Frequnt port scan attacks

am 15.10.2007 15:42:04 von Ken Knecht

The past few days I've been getting multiple 'port scan attack logged'
notices from my Sygate Personal Firewall (version not indicated in doc).
This is unusual. Anyone else seeing this or is someone going through my
ISP's (Nationwide) IP list? Usually I only get a few a week - now I'm
getting a few an hour.

Strange. Comments?


--
I got used to my arthritis
To my denture I'm resigned
I can manage my bifocals
But Lord I miss my mind

Re: Frequnt port scan attacks

am 16.10.2007 03:04:14 von Sebastian Gottschalk

Ken Knecht wrote:

> The past few days I've been getting multiple 'port scan attack logged'
> notices from my Sygate Personal Firewall (version not indicated in doc).
> This is unusual.


This is not unusual, this is rather what should be expected.

> Anyone else seeing this or is someone going through my
> ISP's (Nationwide) IP list?


Seeing what? So far there's no indication of any network-related activity.
Your error-simulation software simply simulated an error, that's all.

Re: Frequnt port scan attacks

am 16.10.2007 03:53:01 von MR. Arnold

"Ken Knecht" wrote in message
news:Xns99CA4433B457Ckenkderucom@130.133.1.4...
> The past few days I've been getting multiple 'port scan attack logged'
> notices from my Sygate Personal Firewall (version not indicated in doc).
> This is unusual. Anyone else seeing this or is someone going through my
> ISP's (Nationwide) IP list? Usually I only get a few a week - now I'm
> getting a few an hour.
>
> Strange. Comments?
>

If you get a NAT router with logging, the traffic would be blocked, and the
PFW/Sygate running on the computer would never react to the blocked traffic
the router is blocking in front of the machine.

http://www.homenethelp.com/web/explain/about-NAT.asp

Re: Frequnt port scan attacks

am 16.10.2007 21:30:23 von Default User

On 15 Oct 2007 13:42:04 GMT, Ken Knecht wrote:

>The past few days I've been getting multiple 'port scan attack logged'
>notices from my Sygate Personal Firewall (version not indicated in doc).
>This is unusual. Anyone else seeing this or is someone going through my
>ISP's (Nationwide) IP list? Usually I only get a few a week - now I'm
>getting a few an hour.
>
>Strange. Comments?

It's not at all unusual to see port scan attempts from the internet. We
get thousands of failed attempts every day on our publicly facing IP
network and they are all blocked and logged. You don't mention what type of
internet connection you have, but assume you have a DSL/ADSL/Cable type
connection with a DHCP assigned IP address. It is not at all unlikely that
you recently updated your IP address with your ISP and the port scans you
are seeing are related to the previous user of that IP address. There are
many other reasons this could be occurring as well, you would need to
provide more specific information such as the source IP addresses, ports,
and protocols being used, number and frequency of scans from the same
address, etc... in order to determine anything more than you are seeing
normal internet traffic.

Re: Frequnt port scan attacks

am 17.10.2007 00:41:10 von goarilla

Sebastian G. wrote:
> Ken Knecht wrote:
>
>> The past few days I've been getting multiple 'port scan attack logged'
>> notices from my Sygate Personal Firewall (version not indicated in
>> doc). This is unusual.
>
>
> This is not unusual, this is rather what should be expected.
>
>> Anyone else seeing this or is someone going through my ISP's
>> (Nationwide) IP list?
>
>
> Seeing what? So far there's no indication of any network-related
> activity. Your error-simulation software simply simulated an error,
> that's all.
what do you mean with that last paragraph?

Re: Frequnt port scan attacks

am 17.10.2007 00:46:04 von goarilla

Ken Knecht wrote:
> The past few days I've been getting multiple 'port scan attack logged'
> notices from my Sygate Personal Firewall (version not indicated in doc).
> This is unusual. Anyone else seeing this or is someone going through my
> ISP's (Nationwide) IP list? Usually I only get a few a week - now I'm
> getting a few an hour.
>
> Strange. Comments?
>
>
keep in mind that lots of (default configured) firewalls, IDS systems
generate what can be
called false positives. Unless you have knowledge of how nmap, the de
facto portscanner
in the world works, and how that relates to your firewall logs and
settings you can practically
ignore these logs since you have no clue what they are doing, how they
are doing and why?

Re: Frequnt port scan attacks

am 17.10.2007 01:47:05 von Sebastian Gottschalk

goarilla wrote:


>> Seeing what? So far there's no indication of any network-related
>> activity. Your error-simulation software simply simulated an error,
>> that's all.
> what do you mean with that last paragraph?


"Sygate Personal Firewall", as the name says, is a "personal firewall",
whichs supposed functionality to create random network errors (obvious when
looking at the design implementation).

Re: Frequnt port scan attacks

am 17.10.2007 01:52:56 von goarilla

Sebastian G. wrote:
> goarilla wrote:
>
>
>>> Seeing what? So far there's no indication of any network-related
>>> activity. Your error-simulation software simply simulated an error,
>>> that's all.
>> what do you mean with that last paragraph?
>
>
> "Sygate Personal Firewall", as the name says, is a "personal firewall",
> whichs supposed functionality to create random network errors (obvious
> when looking at the design implementation).

aaah so you are just disgusted by third party (crap - oxymoron ?)
windows personal firewalls
so much you call them error-simulation software. :D