
Ports being probed ?

Old 18th Mar 2011, 05:59
  #1 (permalink)  
TWT
Thread Starter
 
Ports being probed ?

I run Malwarebytes with full-time protection (paid version). Whenever I use my laptop with my 3G data USB stick, I see that Malwarebytes is quite active in blocking attempts to probe various ports. Svchost.exe always involved.

I looked at the logs and did a 'whois' on the blocked IP addresses and...every one of them originates in China.

The USB data stick is made in China by Huawei. Only occurs when the USB data stick is in use, never with my home ADSL or Wifi.

Just a coincidence or maybe something more nefarious?

Last edited by TWT; 18th Mar 2011 at 06:28.
TWT is offline  
Old 18th Mar 2011, 07:04
  #2 (permalink)  
 
It's nothing to do with the Huawei nature of your 3G dongle.

It's to do with you needing a firewall when you use it, as there's no NAT between you and the internet when you do. Ensure your PC uses a firewall at all times.
Mike-Bracknell is offline  
Old 18th Mar 2011, 08:08
  #3 (permalink)  
 
Agree with MB.
You almost certainly do not have a firewall turned on. Have a look at this site.
Hit "proceed" at the bottom to test the effectiveness of the firewall. All ports, ideally, will appear as stealthed.
The Windows firewall is effective at this, provided there is no actual malware on the computer. It is not so good at controlling outbound applications.

Last edited by Tarq57; 18th Mar 2011 at 08:10. Reason: submitted before post finished.
Tarq57 is offline  
Old 18th Mar 2011, 08:55
  #4 (permalink)  
TWT
Thread Starter
 
Thanks for your replies. I have a work-issued laptop with W7. I have limited admin status, unit set up by IT at HQ. I checked and Windows firewall is enabled. I ran the GRC test, all ports tested and got a perfect 'TruStealth' rating for 1st 1056 ports. I used the USB data stick in question for this test (and am using it now).

Don't know if it's relevant, but MS Forefront Client Security is running on the machine. I have no privileges to see what it's doing. All I can do is see a list of applied updates which are pushed out over VPN from HQ.

Interesting.
TWT is offline  
Old 18th Mar 2011, 09:15
  #5 (permalink)  
 
Just a co-incidence or maybe something more nefarious?
Coincidence. There are mysterious sites in China that constantly probe every machine they can reach. I sometimes get hundreds or thousands of hits in an hour, and sometimes many attempts per day.

As long as you have a firewall, you're fine. If you don't have a firewall, you have a potential problem. If you're running just an ordinary desktop machine (not a server), you should have just about all incoming unsolicited traffic blocked.

The svchost.exe program is used to run all sorts of utility functions, including a number of essential network services, so it's not surprising or abnormal to see its name pop up in association with network activity.
AnthonyGA is offline  
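The replies above make two points: without NAT, any socket listening on a non-loopback address is directly reachable unless the host firewall drops the traffic, and svchost.exe owns many of those sockets. The following is an added example, not something posted in the thread: it parses `netstat -ano` output and lists the TCP listeners that are not bound to loopback, with the owning PID. The sample output, addresses and PIDs are constructed.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49200     203.0.113.7:443        ESTABLISHED     3012
  TCP    [::]:135               [::]:0                 LISTENING       868
  UDP    0.0.0.0:500            *:*                                    1004
"""

def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            host, port = f[1].rsplit(":", 1)          # works for [::]:135 too
            host = host.strip("[]").split("%")[0]     # drop brackets / zone id
            yield ipaddress.ip_address(host), int(port), int(f[4])

def scope(addr):
    """Classify how widely a bind address exposes the socket."""
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:                           # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-interface"

def exposed_listeners(netstat_text):
    """Sorted, de-duplicated (port, pid, scope) for non-loopback listeners."""
    return sorted({(port, pid, scope(addr))
                   for addr, port, pid in listening_sockets(netstat_text)
                   if not addr.is_loopback})

if __name__ == "__main__":
    for port, pid, where in exposed_listeners(SAMPLE):
        print(f"tcp/{port:<5} pid {pid:<5} {where}")
```

Every port this reports is one the firewall has to cover on the 3G link; on Windows, `tasklist /svc` shows which services run inside a given svchost.exe PID.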
Old 18th Mar 2011, 09:49
  #6 (permalink)  
 
Originally Posted by TWT
Thanks for your replies. I have a work-issued laptop with W7. I have limited admin status, unit set up by IT at HQ. I checked and Windows firewall is enabled. I ran the GRC test, all ports tested and got a perfect 'TruStealth' rating for 1st 1056 ports. I used the USB data stick in question for this test (and am using it now).

Don't know if it's relevant, but MS Forefront Client Security is running on the machine. I have no privileges to see what it's doing. All I can do is see a list of applied updates which are pushed out over VPN from HQ.

Interesting.
At which point I'd theorise that the Malwarebytes runtime is interacting with the firewall correctly and keeping these ports blocked whilst also monitoring them. The only thing it's doing wrong is giving you a small sense of worry.

You wouldn't get these same messages when connected to your broadband at home, as your home router does the firewalling function for you, hence none of those port scans ever reach your laptop for Malwarebytes to complain about them.

A pretty secure system there sir
Mike-Bracknell is offline  
Old 18th Mar 2011, 09:54
  #7 (permalink)  
TWT
Thread Starter
 
Thanks everyone for giving me the benefit of your knowledge. Much appreciated.
TWT is offline  
