RE: newbie wanting some info !!

From: Aaron Lewis (aaronat_private)
Date: Tue Aug 19 2003 - 10:04:43 PDT


    Hello.
    	I won't comment on the actual question but I will say it's generally viewed
    as 'bad practice' and wasteful to scan everyone that scans you. Port 80
    scans are very common and usually harmless unless you're running a vulnerable
    web server on the target machine.
    
    ADL
    
    -----Original Message-----
    From: osden [mailto:osden77at_private]
    Sent: Tuesday, August 19, 2003 3:59 AM
    To: Security-basicsat_private
    Cc: incidentsat_private
    Subject: newbie wanting some info !!
    
    
    Cheers to all......
    
    I have an ADSL connection to my home PC and have NAV and ZONE ALARM installed
    as my AV and Firewall. Zone Alarm has been set to the highest security
    settings. I have a utility called Attacker from www.foundstone.com listening
    at my ports. I have been observing all kinds of scans from the following IPs:
    
    207.40.146.171     dsl-d-171.nortex.net
    203.241.146.5       user5.s146.samsung.co.kr
    66.75.223.169       cpe-66-75-223-169.bak.rr.com
    
    trying to connect to my port 80 from various ports. Repeatedly also I have
    this IP scanning repeatedly at my port 21 from various ports:
    
    80.181.56.143        host143-56.pool80181.interbusiness.it
    
    Well, when I scan them back, every host that is found LIVE has Port 5000
    listening. Is this something to do with that? Or is anyone else also
    experiencing something like that? According to my information port 5000
    [UPnP / filmaker.com / Socket de Troie (Windows Trojan)] else the box is
    Win32 listening to auto detection of hardware.
    
    Can anyone comment on this and let me know. Any information provided will be
    really helpful. Thanks in advance.
    
    Kind Regards,
    Ozzy
    
    [SCAN EVERYTHING]
    
    Kind Regards,
    Osden Fernandes
    
    [SCAN EVERYTHING]
    



    This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 20:52:18 PDT