Port scan attacks

brother chris · Dec 16, 2005

I have the internet hooked up and have a router and I hooked the guy up that lives in the basement, with internet. He has NO virus protection. Ever since I hooked him up yesterday, I have been having lots of port scan attacks. He said he is going to get some anti-virus this weekend, but what can I do to protect myself from all these port scan attacks? Another question....which anti-virus should I recommend for him to buy? And should I worry about the port scan attacks? I have McAfee anti-virus...is that good enough? Thanks for any input. B.C.

sid the squid · Dec 16, 2005

Re: Port scan attacks

I would suggest the first thing both of you do is put up a firewall. If your router comes equipped with one it needs to be configured. Also you can go to www.zdnet.com and download zone alarm. its free and is a pretty good firewall, this should take care of your problem. Good luck.

KRS · Dec 16, 2005

Re: Port scan attacks

the port scan attacks could be his computer, is it attempting to establish a new address with each connection (I think that's called dynamic) then your computer may be seeing it as a port attack. Good luck.

brother chris · Dec 16, 2005

Re: Port scan attacks

Thanks for the info on the anti-virus. I think it is a good idea for him to use McAfee too. As for the port scan attacks, I used to get them, about 1 a week, but he is hooked up, it is every 5-10 minutes. As far as what the attack is doing, all McAfee will let me to is trace the attack. I'm not too sure what else they are trying to do. I just checked the firewall and all the attacks, "blocked an incoming TCP". That is all it tells me. B.C.

roscoe · Dec 16, 2005

Re: Port scan attacks

You have a basement under your trailer? Or is this the basement of the house on the property? just curious.

sid the squid · Dec 16, 2005

Re: Port scan attacks

Oh and as far as the anti virus software, we use McAfee on the server in the office and have had no problems with it at all, I use Norton on all three of my machines at home and am very happy with it. So either one should work for you.

Nos4r2 · Dec 16, 2005

Re: Port scan attacks

Chris, your friend's PC has probably already been hacked or infected with a virus/spyware if he's not running both a firewall and antivirus.These unprotected PC's will first get any personal data stolen then are then used as 'slaves' by hackers to commit ALMOST untraceable frauds. The recent case where an internet bank was hacked was down to this-thousands of slave computers all trying random passwords and logins until one succeeds. Zonelabs.com provide a free firewall. Note that antivirus will not detect use of certain keystroke logging spyware so using a couple of anti spyware programs such as Adaware and Spybot S&D along with a system protector such as Prevx home are ESSENTIAL to system security. Google the names, they are all free. Personally I would unhook his pc from the net until it's properly protected, as a hacker will find it a lot easier to hack yours if it's on the same IP.

Xcusme · Dec 16, 2005

Re: Port scan attacks

One more thing to note: Avoid the new versions (6.xxx.xxx) of ZoneAlarm, even the free versions. If you goto the Zone Labs forums, there are thousands of posts from paying folks who are having MANY problems getting the program to run without problems. My advice?? Go here ZA Link and scroll down to the section named 5.5 Branch. Look for version 5.5.094.000 OR 5.5.062.011 and d/l same. These older versions don't have the problems of the new releases.

BTW, can you do a copy/paste of the port scan log?? It would be nice for you to post the version s of Windows you both are running. If you are running a router, you already have a firewall. Is your friend hooked up on a Cat5 cable or thru the wireless interface?? azfyrfyter63 wrote, "the port scan attacks could be his computer, is it attempting to establish a new address with each connection (I think that's called dynamic) then your computer may be seeing it as a port attack. Good luck." His computer would not be looking at your machine for an IP address, it would be trying to obtain an IP address from the router. Your router by default should have the DHCP server enabled and should be able to hand out IP addresses to your computers based on it's default DHCP range, typically 192.168.1.100===>.192.168.1.150 range. If you click on Start,Run, type in CMD and hit Enter, you'll be at a DOS screen. Type in ipconfig/all, hit Enter. You should see your current IP address, subnet mask, Gateway address (routers IP address) and the DNS server addresses. Type EXIT, hit Enter to exit the DOS screen...... If you perform the same commands on HIS computer, you should see everything the same EXCEPT his IP address will be different. Using my example above (explaining the DHCP router addressing range), you'll probably have an IP of 192.168.1.100 and he will have 192.168.1.101. It all depends on who turns on their computer first. The first guy will get an IP of 192.168.1.100 the other , of course will be the next IP number, 192.168.1.101 etc. If another computer is turned on, it's IP would be 192.168.1.102, you get the idea....I hope. All this assumes that everybody's computer is setup to 'Obtain an IP address automatically" ( this is where this DHCP stuff comes into play), this is called dynamically configured IP addressing. The other option is to specify a certain IP address for each computer (under Network and Dial-up Settings). If you specify a specific IP address, this is called Static IP addressing. I personally find it easier to assign certain IP addresses to my machines, they never change the IP. There are benefits to having a 'static' IP.

brother chris · Dec 17, 2005

Re: Port scan attacks

No, I do not have a basement under my trailer.lol. Xcusme..I have to go to work now. I will cut/paste a copy of an attack when I get back home this afternoon. I plan on calling him today, while I am at work and tell him to buy some anti-virus so we can install it when I get home. Thanks, B.C.

brother chris · Dec 20, 2005

Re: Port scan attacks

Well, after a week, I finally got back online here. Xcusme: This is what is says about one of the many port scan attacks I have had. "McAfee Firewall blocked an attempt to attack your machine using a "Port Scan" attack. The remote address associated with the traffic was 209.63.105.8. The remote port was 80 [HTTP]. The local port on your PC was 1051 [ephemeral]. The network adapter for the traffic was "Realtek RTL8139(A) PCI Fast Ethernet Adapter". The binary data contained in the packet was "00 50 bf 90 95 4b 00 13 46 48 f5 1c 08 00 45 00 04 ba 98 59 40 00 33 06 af 8f d1 3f 69 08 c0 a8 00 65 00 50 04 1b 86 62 60 15 01 49 15 bb 50 18 43 40 56 2a 00 00 48 54 54 50 2f 31 2e 31 20 32 "." Hope this helps. B.C.

brother chris · Dec 20, 2005

Re: Port scan attacks

My buddy is hooked up through CAT5 cable.

Xcusme · Dec 20, 2005

Re: Port scan attacks

It's a bit more helpful knowing what version OS you're running (you basm. buddy too), and the Make/model router your connected to. Here are some basics: Router: Change the default SSID (name of your wireless AP) Change the default Password to a STRONG password( use letters,numbers and characters) Turn on encryption WEP (128bit), better yet WPA (use a STRONG-long passphrase) get one here... Turn off ICMP ping (ping from the WAN (internet) Limit the number of IP addresses the router CAN issue (the DHCP stuff-previous post) Make sure Firewall is checked ON On your computer, turn off un-needed services, like Telnet and file sharing, if you're not using them. If you are using file and print sharing, uncheck TCP/IP for a communication protocol. Add either NWLink/IPX or Netbeui protocols and use those for the file and printer sharing. Limit only authenticated users to use the printer or share files. Rename the Administrator account to something else, add a password to this account. Add yourself as a user and require a login and password to boot into Windows desktop. Jump over to Shields UP web site (grc.com) and do port scans of your system: File Sharing Common Ports ( you'll prob. have port 113 OPEN- report back I'll tell you how to close it) All Service ports Both you AND your buddy should go to http://housecall.trendmicro.com/ and do the free housecall scan. Install some anti-virus program, your choice really.....AVG is a free one Free AVG BTW, this list is nowhere's complete

brother chris · Dec 20, 2005

Re: Port scan attacks

Thanks Xcusme. I'm at work now, so I will try what you mentioned, when I get home. Thanks, B.C.

KRS · Dec 20, 2005

Re: Port scan attacks

I was going to offer more advice, but the current level of advice is already well beyond my skill level, good luck!

tomatolord · Dec 21, 2005

Re: Port scan attacks

Well if we find an answer here to port scan attacks we will be the riches people in the world. Port scans are what hackers do to find open ports on a network. They load up a range of IP addresses and have at it. I work for a security company and the top 3 port scan countries are China, Russia and Germany. It is NOT the kid next door. It is the hacking 101 tool - you can only discourage port scan attacks you cannot prevent them. Discourage - firewalls - antispyware - antispam - antivirus Your buddy should use a different software - like trend micro - that is because not all of these products work exactly the same - so 1 virus that yours might catch his wont and vice versa - that way if he gets something you wont This is called a layered security approach One of the new reasons for port scan attacks are spyware and spam trojans - they broadcast back to the hackers your port - so the hackers "know" that this system is weak because their spyware or spam got through. I also do not leave my computer on overnight or when I am not using it - I just power everything off - I noticed when I was leaving my system on for long periods I got scanned more often. good luck tomatolord

Port scan attacks

Commander

Seaman

Banned

Commander

Supreme Mariner

Seaman

Lieutenant Commander

Commander

Commander

Commander

Commander

Commander

Commander

Banned

Chief Petty Officer