Port scan attack logged....I often get the above message flashing up on my PC screen....not really sure what's going on....anybody any idea....should I worry,

I use Sygate fire wall, Win XP, Avast anti virus.

Nick.

Which network are you attached to ie which provider?

It is quite common feature of the real internet.

Most IP's block it before it gets to you.

Whats happening is some scally is going through a whole range of IP addresses using a robot hacker trying to find a machine with a security breach. After they find one something nasty can happen or its just a youngster having fun and learning about system security. Or they use your machine a jump station to try and hide what they are really up to.

I have known many hackers who have turn game keeper and the all earn 6 figure sums but now try and hack systems on request instead of on the fly.

One guess is that it's your firewall "helpfully" telling you that it's earning its keep.

See if you can find out how to turn off the warnings. They're of no use to you, there's nothing you can, or should, do about them, all they do is interrupt you and worry you to no useful purpose.

Better, put a stealth mode NAT router between you and the internet so that this crap never gets anywhere near your PC in the first place.

Its the stuff it's not logging you should be worried about ... cue evil laugh...mwahahahaha...

Thanks for the input so far guys,

The provider is Virgin Media.

Nick.

What is it that is doing the flashing? Your firewall program? A browser pop-up?

If it is something you have installed then it's (hopefully) doing its job.

SD

SD I'm not sure....I will pay more attention next time it flashes up.

Nick.

I would tell virgin media whats happening as well.

They have more permanent ways of dealing with it

Nick,

Do you use a hardware firewall (i.e. a router between you and Virgin's equipment) or do you connect your PC directly to the ADSL / cable modem?

A hardware firewall, properly configured (pretty much keep defaults), should eliminate the problem.

SD

SD no its direct from the cable, no Router.

Nick.

Whack something like this in between the cable and your PC then.

WIRELESS-N - WNR2000

Cheap, effective, and will speed up your internet browsing whilst wirelessly enabling it (if it wasn't already) and allowing multiple computers on your connection.

Sorry to be a party pooper MB, but care to explain how a cheap consumer grade router plugged into a cheap, rate-limited, packet-shaped, contended internet connection potentially also being used by someone who has an under-specced laptop ridden with tons of un-necessary background processes is likely to have any effect whatsoever.

Placebo effects. Like most of those registry hacks and other rubbish you see around the internet.

You can't polish a !!!!.


(p.s. magpienja, wasn't specifically pointing at you in the laptop bit.... so no need to get grumpy if you've got a super duper laptop !)

Well, it'll stop the port scan popups - the port scans are still happening, but they're being terminated at the router, and if you don't bother to look at the router logs you won't be upset by them.

It won't of course "speed up your internet browsing", it'll slow it down, blindingly obviously, as it's one more hop and hence extra delay for each packet. Probably not enough to notice though.

Adding wireless is not something to do lightly. Unless you really know what you're doing you're inviting hackers in - it's hardly a solution to a security issue, it's creating a security issue!!

Yes it does facilitate putting multiple computers on the connection.

By facilitating the removal of the software firewall that's no doubt been crippling his laptop.

You can't polish a !!!!, but in the land of the blind the one eyed man is king

(and at ~£40 it's worth it purely for the stateful firewall, NAT and wireless-N - especially if the guy doesn't want the equivalent of a comms rack in his house).

Not so blindingly obvious if you read my previous post. Software firewalls are <extremely naughty swear word indicating 'not very good at all in the main'>

Oh come on. If you had to choose between a badly configured software firewall or a wireless network without a password I know which I would choose. At least you'd get half a chance of eyeballing the dick wardriving outside your house (if the signal even reached that far), whereas if you ever looked at the frequency of port scans on the internet you wouldn't want to sleep at night.

Speak for yourself. I expect port scans to be continuous 24/7 and they don't bother me at all.

Wombat the number of scans which are done every second for dubious reasons is very high.

If your a network peep the best way to stop these getting through to your network is by nipping it in the bud as the wire comes through the wall.

Having a black box solution means that you don't have to use resources on the client to do the same function. The black box will quite happily do it with its cut down OS with no degrading of its function.

A client with its software firewall will have to give ever increasing reasources to scanning and deciding what gets through its ports. Basically its the same as the old ping attacks of 10 years ago where you could kill a server by just pinging its IP address millions of times.

Even if you want to keep the software firewall working and isolating the client behind the blackbox you will decrease the number of CPU cycles riquired by the firewall. Thus you will see an increase in speed of the machine.

mad_jock,

Trouble is, your average el'cheapo home user "black box" would fear no better under a syn flood or other DoS attack.

They are merely a poorly implemented software solution running on an underpowered COTS hardware solution with peanuts for memory.

So all they'll do is crash your "firewall" instead of your computer's network stack.

Save for one or two exceptions, if it ain't got an ASIC, it ain't a hardware firewall.

That said, adding that extra layer of defence is a Good Thing (TM), so don't misinterpret what I'm saying....

MB,

Indeed you are correct in that sense. Something extra is better than nothing extra in terms of defence.

You don't need a comms rack for some reasonable software based firewall appliances, but I'll give you that you'll need more than £40 at your local computer shop.

I don't disagree with that, you can make anything crash if you put the effort in.

I still reckon it will take some load off the CPU of the client machine.

I understand where Mike is coming from.

Personally all the black box firewalls I dealt with were black and had cisco stamped on them and cost a bit more than 40 quid. And I still remember RBS using some bloody port for its online banking and the amount of arguments that caused with the users.

A couple of assumptions:

1) OP has broadband
2) OP has broadband router of some decent description

Given that then NAT *should* stop all of the port scan crud getting to the PC, unless it's been configured in a DMZ for some unknown reason, with an internet accessible IP address.

Any chance of a screenshot of the message ? Does the pop up ask you to click on a link and "protect yourself" ?

The Nr Fairy,

If you read back a few posts you will see that assumption 2 is not valid.

SD