Solved

Tracing and catching Pingers

Posted on 2004-11-01
174 Views
Last Modified: 2013-12-07
I leave a few ports open for local  FTP filesharing and when my firewalls on (Zone Alarm) its says 5412 access attempts blocks, I know they're pinging my ports because if I turn off the firewall my FTP has all kinds of problems.

Is there anyway to see WHO has been pinging my ports???
0
Question by:pdoriley
    3 Comments
     
    LVL 4

    Assisted Solution

    by:Teething
    There should be a logging feature in your firewall software to show the source ip address.

    I would recommend turning off ICMP unless you really need it for something and then making some restrictions on your FTP service to prevent unauthorized users.
    0
     

    Assisted Solution

    by:ndemeter
    You cannot ping a port, you ping an IP. If your Zone Alarm is going off then there should be three things that you should be seeing on the screen:

    a) originating IP (this is the offender)
    b) destination IP (this is you)
    c) destination port (the port they were trying to get to on your computer)

    Most of the time what you see is worms trying to find more vulnerable computers to infect. There are times however that what you see are people post-scanning you. That is, they are trying to find that open services are on your computer that they can exploit. My advise would be to keep your firewall on and disable anonymous FTP access.
    0
     
    LVL 15

    Accepted Solution

    by:
    If you will see any Firewall reposrt, it will report to you what IP address tried to 'ping' you. What Firewall software are you using?
    Etherway, theres this GREAT site enables you to enter an IP address and plot you with its origin. Theres one problem though; If someone is using those free Proxy servers available on the net, It would be difficult to trace those packets sience, even in case you succeed in capture that packet; You may learn the application trying to connect but you wont be able to know the IPs true origin (unless its a transperent proxy).

    Links:
    The info site:
    http://www.dnsstuff.com

    Hope that helped

    Cyber
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    What is IRC? IRC (Internet Relay Chat) is a form of communication between multiple users. It is available freely to anyone with inernet access. IRC is a great way to communicate with others e.g. There is an IRC channel for Ubuntu Linux, which is fo…
    Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now