?
Solved

Tracing and catching Pingers

Posted on 2004-11-01
3
Medium Priority
?
184 Views
Last Modified: 2013-12-07
I leave a few ports open for local  FTP filesharing and when my firewalls on (Zone Alarm) its says 5412 access attempts blocks, I know they're pinging my ports because if I turn off the firewall my FTP has all kinds of problems.

Is there anyway to see WHO has been pinging my ports???
0
Comment
Question by:pdoriley
3 Comments
 
LVL 4

Assisted Solution

by:Teething
Teething earned 500 total points
ID: 12468749
There should be a logging feature in your firewall software to show the source ip address.

I would recommend turning off ICMP unless you really need it for something and then making some restrictions on your FTP service to prevent unauthorized users.
0
 

Assisted Solution

by:ndemeter
ndemeter earned 200 total points
ID: 12469680
You cannot ping a port, you ping an IP. If your Zone Alarm is going off then there should be three things that you should be seeing on the screen:

a) originating IP (this is the offender)
b) destination IP (this is you)
c) destination port (the port they were trying to get to on your computer)

Most of the time what you see is worms trying to find more vulnerable computers to infect. There are times however that what you see are people post-scanning you. That is, they are trying to find that open services are on your computer that they can exploit. My advise would be to keep your firewall on and disable anonymous FTP access.
0
 
LVL 15

Accepted Solution

by:
Cyber-Dude earned 300 total points
ID: 12471842
If you will see any Firewall reposrt, it will report to you what IP address tried to 'ping' you. What Firewall software are you using?
Etherway, theres this GREAT site enables you to enter an IP address and plot you with its origin. Theres one problem though; If someone is using those free Proxy servers available on the net, It would be difficult to trace those packets sience, even in case you succeed in capture that packet; You may learn the application trying to connect but you wont be able to know the IPs true origin (unless its a transperent proxy).

Links:
The info site:
http://www.dnsstuff.com

Hope that helped

Cyber
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question