Posted: 9/18/2002 1:56:05 PM EDT
keeps portscanning my computer
210.101.82.201 anything I can do to get this bastard to stop? |
|
Get a port scan utility off of the net and start probing him in return[BD] |
|
good idea!
I'm going to do that what do i do when i find open ports? is it illegal to break into computers located in other countries? |
|
I have a very similar problem. When I am disconnected from the net (Dial-up) a small window pops up and is titled "Portal". Then my modem tries to connect. If I allow it to connect I get ads????
WTF?????????? Sgtar15
|
hehehe You said probe
I would scan him as well, not probe but scan...... sounds less..... naughty [:D]
|
probe his entire network with syn packets and then he will get the picture.
|
|
How do you know when someone is "port scanning" you,...and what does that mean?
|
|
Quoted: probe his entire network with syn packets and then he will get the picture.
is this the same thing as a "denial of service" attack?
|
Quoted: How do you know when someone is "port scanning" you,...and what does that mean?
i have the zone alarm free firewall program running. it popped up about 30 alerts of the same ip address trying to connect to various ports on my machine
|
Quoted: send him a bowl of Kim Chee noodles and call a truce.
good lord, he'd like that crap. my roommate in college was a korean guy. he kept a jar of that stuff in our refrigerator for six months. he'd eat it for breakfast after I'd left for class, and the room still smelled like rotten garbage four hours later when I'd return. YUCK!
|
Quoted: how you know he's korean?
i went here [url]http://www.dnsstuff.com/[/url] put the ip address into the whois lookup and got:

WHOIS results for 210.101.82.201
Generated by www.DNSstuff.com
Country: KOREA-KR
ARIN says that this IP belongs to APNIC; I'm looking it up there.
% [whois.apnic.net node-1]
% How to use this server http://www.apnic.net/db/
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 210.100.0.0 - 210.103.223.255
netname: KRNIC-KR
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: HM127-AP
tech-c: HM127-AP
remarks: ******************************************
remarks: KRNIC is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the KRNIC Whois DB
remarks: http://whois.nic.or.kr/english/index.html
remarks: ******************************************
mnt-by: APNIC-HM
mnt-lower: MNT-KRNIC-AP
changed: [email protected] 19971206
changed: [email protected] 20010606
status: ALLOCATED PORTABLE
source: APNIC

person: Host Master
address: 11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address: Seoul, Korea, 137-857
country: KR
phone: +82-2-2186-4500
fax-no: +82-2-2186-4496
e-mail: [email protected]
nic-hdl: HM127-AP
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20020507
source: APNIC

inetnum: 210.101.82.0 - 210.101.82.255
netname: SOONGSILUNV-KR
descr: SooSil Computer Institute
descr: 1-1 SangDo5-Dong DongJak-Ku
descr: SEOUL
descr: 156-035
country: KR
admin-c: CC72-KR
tech-c: CC73-KR
remarks: This IP address space has been allocated to KRNIC.
remarks: For more information, using KRNIC Whois Database
remarks: whois -h whois.nic.or.kr
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: [email protected] 20020909
source: KRNIC

person: ChanSoo Chung
descr: SooSil Computer Institute
descr: 1-1 SangDo5-Dong, DongJak-Ku
descr: SEOUL
descr: 156-035
country: KR
phone: 02-813-8676
fax-no: 02-817-8654
e-mail: [email protected]
nic-hdl: CC72-KR
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: [email protected] 20020909
source: KRNIC

person: ChanSoo Chung
descr: SooSil Computer Institute
descr: 1-1 SangDo5-Dong, DongJak-Ku
descr: SEOUL
descr: 156-035
country: KR
phone: 02-813-8676
fax-no: 02-817-8654
e-mail: [email protected]
nic-hdl: CC73-KR
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: [email protected] 20020909
source: KRNIC
|
Quoted: I have a very similar problem. When I am disconnected from the net (Dial-up) a small window pops up and is titled "Portal". Then my modem tries to connect. If I allow it to connect I get ads???? WTF?????????? Sgtar15
Dude, you have spyware! Download and run Ad-aware immediately. It will find any spyware on your computer and delete it. You can get Ad-aware from [url]www.lavasoftusa.com[/url]. USPC40
|
TCP/IP (the basic communications protocol for most network traffic) has 65,000 "ports", or places that applications on your machine can listen to for connections from the net. For example, web servers usually listen on port number 80; someone on another machine can connect to that port (basically say "connect to machine xyz on port 80"). Once the connection is established they can ask for web pages.
The problem is that a lot of applications listening on these ports have weaknesses. For example, the attacker might discover that you've got a web server running on port 80, then go through a long list of known exploits that can give them control of your machine. The port scan process is considered to be rude, though possibly not illegal; it's kinda like a burglar going down a street, rattling doorknobs to see what's open. A lot of the machines doing port scans are actually hosts that have been taken over by attackers unrelated to the machine's owner. |
|
Quoted: I have a very similar problem. When I am disconnected from the net (Dial-up) a small window pops up and is titled "Portal". Then my modem tries to connect. If I allow it to connect I get ads???? WTF?????????? Sgtar15
You have either a trojan (unlikely but oh boy, format c: /s) or more likely a spyware program. Download AdAware and do a scan, remove the spy program, reboot and scan again. [url]http://www.lavasoftusa.com/[/url]
|
atgm: is the guy scanning all your ports or just a couple? You must have a cable or DSL line, as if you have a modem every time you log on you get another IP address out of a pool.
I get hit with port scans a couple times a day but my software firewall rejects them. Scanning all ports up and down, the guy is looking for an open port to exploit - typically these turds scan thousands of computers rather than just one. Trojans on the other hand know that your computer IP address is owned and will attempt to attach to the remote program time and time again.
|
Said in my best Danny Glover voice:
"I'm getting too old for this shit." Yes, I know he's an anti. But it does seem fitting here. Ya know, I used to be a techie. But that was when my blazing 8088-2 was running 8mhz.
|
it was about 30 alerts one right after the other, after that i pulled my cable out for a little while
|
|
Agtm, disable the alerts. There is no need to be annoyed by them because the program stores them in a log which you can view anytime. Zonealarm does its job well. There is no need to "pull" the plug.
|
|
agtm:
I haven't used a recent version of zonealarm, so it may not yet have the functionality to block certain IP addresses or other advanced settings. But check around in your firewall for settings to block that IP address. I gave up zonealarm several years back and now use TPF (tiny personal firewall). TPF is the power user's firewall (still free!), whereas I consider zonealarm the mac version. Alternately, hooking up a router will in effect block direct contact from outside clients (unless you set up the computer as a DMZ host, or specifically forward the port(s) to your computer). I use both a hardware (router) and software (TPF) based firewall. Also, as mentioned above, ad-aware is a great program for detecting and deleting spyware (programs that pop up advertisements or otherwise track your browsing habits).
|
Quoted: agtm: I haven't used a recent version of zonealarm, so it may not yet have the functionality to block certain IP addresses or other advanced settings. But check around in your firewall for settings to block that IP address. I gave up zonealarm several years back and now use TPF (tiny personal firewall). TPF is the power user's firewall (still free!), whereas I consider zonealarm the mac version. Alternately, hooking up a router will in effect block direct contact from outside clients (unless you set up the computer as a DMZ host, or specifically forward the port(s) to your computer). I use both a hardware (router) and software (TPF) based firewall. Also, as mentioned above, ad-aware is a great program for detecting and deleting spyware (programs that pop up advertisements or otherwise track your browsing habits).
i couldn't find anything in zone alarm about blocking specific ips. i'm going to check into this tpf, since i'd like to block people i catch nosing around. adaware is cool too, i've been using that for a while. can anyone recommend a good program to block pop up windows?
|
Quoted: send him a bowl of Kim Chee noodles and call a truce.
Y'know, I've had all sorts of Kimchee - Cabbage Kimchee, water Kimchee, Cucumber Kimchee... But I have never seen or heard of Kimchee NOODLES! Did I miss something? Are you sure you don't mean Ramen / Ramyen? Adam
|
can people get past these software firewalls?
i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess. what does a decent router cost? what makes a router better than a software firewall? |
|
Quoted:
  Quoted: send him a bowl of Kim Chee noodles and call a truce.
  Y'know, I've had all sorts of Kimchee - Cabbage Kimchee, water Kimchee, Cucumber Kimchee... But I have never seen or heard of Kimchee NOODLES! Did I miss something? Are you sure you don't mean Ramen / Ramyen? Adam
maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
|
Quoted: maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
Hmmmm... Kimchee flavored Ramyen... Hmmm
|
Quoted:
  Quoted: maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
  Hmmmm... Kimchee flavored Ramyen... Hmmm
these are the kimchee bowls: [img]http://www.ikoreaplaza.com/ikp/assets/product_images/KPSM01BR001.jpg[/img] i don't like those very much. these, however, [img]http://www.ikoreaplaza.com/ikp/assets/product_images/KPSM01BR003.jpg[/img] are great
|
Quoted: can people get past these software firewalls? i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess. what does a decent router cost? what makes a router better than a software firewall?

A software firewall will basically monitor incoming/outgoing ports and connections. Depending on the specific piece of software, you may have more or less control over what the firewall will monitor, block, allow, etc...

A hardware firewall (such as a router) will take the IP address assigned by your cable/dsl company and use it for itself. Your computer will then have an "internal" IP address (such as 192.168.2.x) while the router has two addresses (typically 192.168.2.1 and the second which is from your ISP). The 192.168.2.xxx IP addresses are internal, and can only be recognized by local (networked) computers. Your computer will send a request to the router (say for a webpage), then the router requests the information from the webhost, which passes it back to the router, which passes the information back to the computer that requested the information. (In order to not be too confusing, that's a simplified explanation of what's going on.)

People from the outside (internet) can't get access to your computer via software or hardware firewall, unless you allow it. With hardware firewalls, you will need to physically forward a port (or range of ports) to your computer's IP address in order for outside users to be able to contact it. Alternately, some routers will let you set up a DMZ host, which basically bypasses the router's firewall for one computer.

With software firewalls, you have more control. You can specify certain IP addresses that either can or can't access your computer. You can allow or deny certain programs from accessing out, or in some cases only allow certain ports to be used by a particular program. The main difference is that software based firewalls have the added benefit of being able to stop certain trojan horses/rampant programs from accessing out of your computer w/o your permission. You will usually get a pop-up box that indicates "program iexplorer.exe wishes to connect out on port 80 to remote IP x.x.x.x" (or something similar). You can then set permissions to either allow or deny, etc. Some trojans will contact out to a remote computer (instead of someone hacking into your computer, they plant the trojan and the computer initiates the breach), allowing someone access to your system. Hardware firewalls won't do anything to stop outgoing problems like this.

The cost: TPF (tiny personal firewall) and Zonealarm are both free versions of software firewalls. If you don't know what an IP address or port # is, or if you don't feel technically inclined on the computer, zonealarm would be the better solution for you. You can pick up a 4 port Linksys router (which will let you hook up 4 computers at once to it) at www.newegg.com for $63.00 (plus shipping). There are several brands to choose from, I personally have liked the Linksys the best for consumer versions of routers.
|
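The router behaviour described in the post above, as an added example that is not part of the original thread: a simplified model of a NAT router's inbound decision (established session, forwarded port, DMZ host, otherwise drop). The class name, the port-allocation scheme and all addresses except the 192.168.2.x range are assumptions made for illustration.

```python
class NatRouter:
    """Simplified port-restricted NAT, for illustration only."""

    def __init__(self, wan_ip, dmz_host=None):
        self.wan_ip = wan_ip
        self.dmz_host = dmz_host   # LAN address that receives all unmatched inbound traffic
        self.forwards = {}         # WAN port -> (LAN ip, LAN port), configured by the owner
        self.sessions = {}         # WAN port -> (LAN ip, LAN port, remote ip, remote port)
        self._next_port = 40000    # hypothetical starting point for mapped ports

    def forward(self, wan_port, lan_ip, lan_port):
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out: always allowed, whatever program opened it."""
        wan_port = self._next_port
        self._next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return self.wan_ip, wan_port  # what the remote side sees as the source

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN (ip, port) that receives the packet, or None if it is dropped."""
        s = self.sessions.get(wan_port)
        if s and s[2:] == (remote_ip, remote_port):
            return s[:2]           # reply to a connection the LAN host started
        if wan_port in self.forwards:
            return self.forwards[wan_port]
        if self.dmz_host:
            return self.dmz_host, wan_port
        return None                # unsolicited: nothing behind the router answers


def demo():
    # Constructed addresses: documentation ranges for the outside hosts.
    pc, web, scanner = "192.168.2.10", "198.51.100.80", "198.51.100.99"
    router = NatRouter("203.0.113.7")
    _, wan_port = router.outbound(pc, 1025, web, 80)
    results = {
        "web reply": router.inbound(web, 80, wan_port),
        "scan of port 139": router.inbound(scanner, 50000, 139),
        "scanner hitting the mapped port": router.inbound(scanner, 80, wan_port),
    }
    router.forward(21, pc, 21)
    results["scan of forwarded port 21"] = router.inbound(scanner, 50000, 21)
    exposed = NatRouter("203.0.113.7", dmz_host=pc)
    results["scan of port 139 with DMZ host"] = exposed.inbound(scanner, 50000, 139)
    return results


if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case}: {delivered_to}")
```

Note that `outbound` never refuses a connection, which is the gap the post attributes to hardware firewalls.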
Quoted: can people get past these software firewalls? i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess. what does a decent router cost? what makes a router better than a software firewall?
For cable/DSL users, if you don't want to go to the expense of buying a Router/firewall combo that performs NAT, there is an easier method to protect your machine than by disconnecting the cable. For Windows users, just disable your NIC card when you are not on the internet. For example, Windows 2000 users, just right click on "My Network Places" and choose properties. You should see the icon for your NIC connection. Just right click that and choose disable. Your NIC will no longer process any traffic and you are completely secure from outside intrusion. To reenable your connection, just right click the NIC icon and choose "enable" and you are back online. Takes about 5 seconds to do, and is much easier than pulling the coax.
|
Quoted: There are several brands to choose from, I personally have liked the Linksys the best for consumer versions of routers.
Personally, I think a person is better off with a router that has no speed loss with their modems. I have the SMC7004ABR and a 3COM "Sharkfin" modem. I have no speed loss. But my modem maxes out at 5.5 Mbps down and 850 kbps up out of 10 Mb down and 1 Mb up when I could get 8-9 Mbps down and 930 kbps up with a Motorola Surfboard or the Toshiba.
|
I haven't noticed any speed reduction as my ISP only provides 2.5Mb down.
The only reason I like the Linksys over my old 8 port version of your SMC router is that the SMC was jacked up trying to get the port forwarding working correctly. I never had any issues with any other router I've used. BTW, nice connection... Fortunately, most people switching from dialup won't notice and/or care at any reduction in speed. One other thing I noticed, there's no latency loss with any router I've used to date... which is much more important to me (and my CS gaming experience).
|
just installed that firewall program, already had 4 attempts. last one i did the ip check and it was from someone at the local college. had a phone number but it doesn't work. but i did email them. and sent them a copy of this.

WHOIS results for 152.11.169.7
Generated by www.DNSstuff.com
Country: UNITED STATES
OrgName: Bowman Gray School of Medicine
OrgID: BGSM
NetRange: 152.11.0.0 - 152.11.255.255
CIDR: 152.11.0.0/16
NetName: BGSM-NET
NetHandle: NET-152-11-0-0-1
Parent: NET-152-0-0-0-0
NetType: Direct Assignment
NameServer: NCNOC.NCREN.NET
NameServer: REGGAE.NCREN.NET
Comment:
RegDate: 1992-01-10
Updated: 1992-08-26
TechHandle: PS292-ARIN
TechName: Santago, Pete
TechPhone: +1-919-748-2815
TechEmail: [email protected]
# ARIN Whois database, last updated 2002-09-18 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
|
One port scan is nothing. Put them on the block list and ignore them. If you start getting a bunch from similar subnets, then block the subnet.
Don't run windows (or anything) without some kind of protection on the net. Software firewalls can range from crappy to extremely effective. |
|
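The triage described in the thread (many alerts from one address against different ports, single addresses put on a block list, a subnet blocked once several of its hosts show up), as an added example that is not from the thread or from any firewall product. The log format, the thresholds and every address are constructed for illustration; real firewall logs need their own parser.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical one-line-per-alert log format, invented for this example.
LINE_RE = re.compile(
    r"^\S+ \S+ BLOCK (?:TCP|UDP) (?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

def sample_log():
    """Constructed alerts using documentation-only address ranges."""
    lines = [
        f"2002-09-18 13:40:{i:02d} BLOCK TCP 198.51.100.23:{4000 + i} -> 192.0.2.10:{port}"
        for i, port in enumerate(range(20, 50))  # one host walking 30 ports
    ]
    lines += [
        f"2002-09-18 14:02:00 BLOCK TCP 203.0.113.{h}:3100 -> 192.0.2.10:139"
        for h in (5, 9, 77)  # three hosts in one /24, one probe each
    ]
    lines.append("2002-09-18 15:10:11 BLOCK UDP 192.0.2.200:53 -> 192.0.2.10:1027")
    lines.append("malformed line that the parser must skip")
    return lines

def parse(lines):
    """Return (source address, destination port) for each well-formed alert."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            events.append((ipaddress.ip_address(m["src"]), int(m["dport"])))
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
            continue
    return events

def find_scanners(events, min_ports=10):
    """Sources that tried at least min_ports distinct ports."""
    ports = defaultdict(set)
    for src, dport in events:
        ports[src].add(dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def find_noisy_subnets(events, prefix=24, min_hosts=3):
    """Subnets in which at least min_hosts distinct sources showed up."""
    hosts = defaultdict(set)
    for src, _ in events:
        hosts[ipaddress.ip_network(f"{src}/{prefix}", strict=False)].add(src)
    return {net: sorted(h) for net, h in hosts.items() if len(h) >= min_hosts}

def block_list(lines):
    """Subnet entries first, then single scanners not already covered by one."""
    events = parse(lines)
    subnets = find_noisy_subnets(events)
    singles = [s for s in sorted(find_scanners(events)) if not any(s in n for n in subnets)]
    return [str(n) for n in sorted(subnets)] + [str(s) for s in singles]

if __name__ == "__main__":
    print(block_list(sample_log()))
```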
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.