Solved

Port scan attack

Posted on 2005-02-28
Last Modified: 2010-04-11
I have Sygate personal firewall.  Occasionally I get a message about a port scan attack and then back trace it to see who was scanning my computer.  What can I do then?  There are e-mail addresses listed.  Should I send them an e-mail asking them what they were doing?  Or report them somewhere?  What information could they get?  And what should I have Sygate do to prevent any harm to my computer? What does the "Stop all active response" option accomplish?  Sorry for all these questions, it's just that I could use a comprehensive intro to this area.  Thanks!
Question by:Lucynka
6 Comments
 
LVL 38

Expert Comment

by:lherrou
ID: 13430574
This question might be more appropriate in either the Security or the Security -> Firewalls TAs. I suggest you post in the community service area requesting that the question be moved.
0
 
LVL 12

Expert Comment

by:srikrishnak
ID: 13446716
My personal opinion is that there is no need for much concern here, as it's very common to see a lot of ICMP floods or UDP scans on the internet... Even if the ISP DNS is trying to communicate with your IP, your personal firewall still detects it as a scan attempt... all the broadcasts fall under similar alerts as well...
If the alert is seriously some sort of TCP port scan or some high-port scan, then you may have to ensure the system security... If you have an always-on internet connection, try to get a NAT device or NAT hardware-based firewall, which will stop most of the attacks before they reach your machine...
Reporting to some authorities is good, but most of the time these scans come from somewhere other than the home country itself...
The information they can get depends on your system security... There are some good sites for enhancing PC security... just search in Google and you will get millions of results...
To use Sygate better, maybe try looking into the log files... If the alerts it generated look like they are from your ISP or some broadcast, then you can ignore them. Otherwise, try to harden the machine, patch it up, etc. With Sygate there is certainly some sort of protection, but not very much.
0
 
LVL 5

Expert Comment

by:tmehmet
ID: 13466014
Port scanning is not deemed illegal in most countries; it is deemed 'not polite', however.

There is not much you can do other than report it to the ISP that hosts this remote individual. The ISP will have an AUP which should cover such behavior, but do not hold your breath because, like I say, it's not illegal. It's no different to someone coming to your front door and knocking to see if anyone is home.

Looks like you have done everything you need to do, which is get personal protection and give yourself the ability to monitor activity. If it persists, just let their ISP know; the owner of the remote box may not even know and could be a victim themselves.

0

 
LVL 5

Expert Comment

by:tmehmet
ID: 13466061
Just reading through the question again with regard to stopping attacks and what people could get.

Port scans can reveal services that your computer is running (e.g. a web server) as well as ports that the computer may be listening on. If people can scan you and obtain a list of services/ports, potentially they could use that information to get access to your machine and completely take it over and launch attacks against others.

If you can, you should definitely block all access to your box from the internet; it should not break anything unless you have a requirement for someone to access your box.

0
 
LVL 1

Author Comment

by:Lucynka
ID: 13467452
>>There is not much you can do other than report it to the ISP that hosts this remote individual.

How do I find out who their ISP is?
0
 
LVL 5

Accepted Solution

by:
tmehmet earned 2000 total points
ID: 13468621
Just do a traceroute to the remote IP; the name of the ISP will be in the traceroute.

Then visit the ISP website and there should be an 'abuse' email address. Put in a portion of your logs that shows the remote machine scanning you and complain that you want it to stop.

0
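A defender-side sketch of two pieces of advice from this thread: telling a real TCP port scan apart from broadcast or ISP noise, and pulling out the portion of the log to send to the ISP's abuse address. This is an added example, not code from any poster; the log format, thresholds and addresses are constructed assumptions, and Sygate's actual log layout will differ.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not Sygate's own):
# time, action, protocol, source, destination:port. RFC 5737 example addresses.
SAMPLE_LOG = """\
2005-02-28 21:14:02 BLOCK TCP 203.0.113.45 192.0.2.10:21
2005-02-28 21:14:02 BLOCK TCP 203.0.113.45 192.0.2.10:22
2005-02-28 21:14:03 BLOCK TCP 203.0.113.45 192.0.2.10:23
2005-02-28 21:14:03 BLOCK TCP 203.0.113.45 192.0.2.10:25
2005-02-28 21:14:04 BLOCK TCP 203.0.113.45 192.0.2.10:80
2005-02-28 21:14:04 BLOCK TCP 203.0.113.45 192.0.2.10:139
2005-02-28 21:15:10 BLOCK UDP 198.51.100.53 192.0.2.10:1027
2005-02-28 21:15:40 BLOCK UDP 198.51.100.53 192.0.2.10:1027
2005-02-28 21:16:00 BLOCK UDP 192.0.2.77 192.0.2.255:138
"""
LINE = re.compile(r"(\S+ \S+) (\w+) (TCP|UDP|ICMP) (\S+) (\S+):(\d+)$")

def parse(log):
    """Yield (timestamp, proto, src, dst, port, raw_line) for each valid line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(3), m.group(4), m.group(5), int(m.group(6)), raw

def find_scanners(log, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: [raw lines]} for sources that probe >= min_ports distinct TCP
    ports on one host within `window`. UDP and .255 broadcasts count as noise."""
    hits = defaultdict(list)
    for ts, proto, src, dst, port, raw in parse(log):
        if proto == "TCP" and not dst.endswith(".255"):  # simplified noise filter
            hits[(src, dst)].append((ts, port, raw))
    scanners = {}
    for (src, _dst), events in hits.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_win = [e for e in events[i:] if e[0] - start <= window]
            if len({e[1] for e in in_win}) >= min_ports:
                scanners[src] = [e[2] for e in in_win]  # excerpt for the report
                break
    return scanners

if __name__ == "__main__":
    for src, lines in find_scanners(SAMPLE_LOG).items():
        print(f"Log excerpt for abuse report, source {src}:\n" + "\n".join(lines))
```

Each returned excerpt carries its timestamps; an abuse report should also state the time zone those timestamps are in so the ISP can match them to a customer.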
