ganglia
Results 1 to 9 of 9

Thread: isp port scanning

Threaded View

  1. 08-06-2001, 08:23 PM #9
    Blacksheep's Avatar
    Blacksheep
    Blacksheep is offline Registered User
    Send a message via ICQ to Blacksheep Send a message via AIM to Blacksheep Send a message via Yahoo to Blacksheep
    Join Date
    May 2001
    Posts
    218

    scans/hits from ISP netblock...

    Most quotes are from jtw00:

    "I've just purchased ZA pro. Seems to
    have a lot of options.
    I tried blocking the whole netblock
    the alerts are coming from but unfortunately I am in it."

    You must not block your ISP's DNS (domain name server) and mail server IPs. If you don't know what IPs they are, these instructions are for dial-up, Win*X:

    DNS IPs; My Computer- Dial-Up Networking- right click ISP- properties- Server Types- TCP/IP Settings

    Mail server IP; try a whois on mail.yourISP.com

    If above doesn't work for you, you can call ISP techie.

    "If there is a worm in the netblock,
    wouldn't the isp want to know?"

    Maybe. My old ISP didn't give a shi~. But, you could contact your ISP and offer your firewall logs. I found a worm in a biz network not long ago. Sysadmin was happy I alerted him but sad it was in his network. Took him 2 weeks to kill it in all his comps.

    "While looking for ZA pro I came across
    an alert about a vulnerability in ZA.

    [url]http://www.securitynewsportal.com/a...=thread&order=0[/url] "

    Interesting link...
    This is a Win*X OS vulnerability (Thanks Bill) whereby any running process can be terminated without any warning to user. A remote control backdoor already exploits this Win OS flaw and can kill several firewalls and anti-virus progs if it gets in your comp. Don't let it in.;-) Be careful what progs you give firewall permission to. Don't click on cracker links.

    "Maybe all the more reason to find out if a worm exists in netblock."

    Like Mr Byte says: "In **% of the cases I just ignore such portscans because they cannot affect the security and connectivity of my system. In *% of the cases, where I see that the attacker is dedicated and/or dangerous, or he/she is flooding my system, I might decide to report the case, or just counterattack."

    I think most of these hits are machine generated- not a guy at a key***rd attacking you personally.

    If you gotta good firewall, anti-virus, you can relax a little. For me, a good packet sniffer is also indispensable.

    [url]http://www.tamos.com/products/commview/[/url]

    P.S.
    I didn't mention the name of the "terminate process" trojan because all kinds of people read this forum- hackers, crackers, script kiddies, virus writers, sysadmins, LEA, government agents, gurus, newbies... let the bad guys find their own tools.

    Also, if you have a really crappy ISP, he might scan you from DNS and/or mail IPs; but, ZA will catch it.
    Last edited by Blacksheep; 08-07-2001 at 11:32 PM.
    Blacksheep
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. ip scanning and open port scanning.
    By protocl in forum Viruses and Trojans
    Replies: 11
    Last Post: 09-07-2007, 02:00 PM
  2. help on scanning please!
    By Unregistered in forum Internet Privacy
    Replies: 1
    Last Post: 07-31-2005, 04:29 PM
  3. is aol range scanning illegal?
    By Unregistered in forum Internet Privacy
    Replies: 17
    Last Post: 05-20-2005, 01:31 AM
  4. port 80 and port 8080
    By ted1546 in forum Proxies and Firewalls
    Replies: 1
    Last Post: 04-17-2005, 10:22 PM
  5. How can I see if I'm anonymous when scanning proxys?
    By Unregistered in forum Proxies and Firewalls
    Replies: 1
    Last Post: 12-09-2001, 03:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules