Port scan attack

Posted on 2005-02-28
Medium Priority
Last Modified: 2010-04-11
I have Sygate personal firewall.  Occasionally I get a message about a port scan attack and then back trace it to see who was scanning my computer.  What can I do then?  There are e-mail addresses listed.  Should I send them an e-mail asking them what they were doing?  Or report them somewhere?  What information could they get?  And what should I have Sygate do to prevent any harm to my computer? What does "Stop all active response" option accomplish?  Sorry for all these questions, it's just that I could use a comprehensive intro to this area.  Thanks!
Question by:Lucynka
LVL 38

Expert Comment

ID: 13430574
This question might be more appropriate in either the Security or the Security -> Firewalls TAs. I suggest you post in the community service area requesting that the question be moved.
LVL 12

Expert Comment

ID: 13446716
My personal opinion is that there is no need to be too concerned here, as it's very common to see a lot of ICMP floods or UDP scans on the internet... Even if the ISP DNS is trying to communicate with your IP, your personal firewall still detects it as a scan attempt... all the broadcasts fall under similar alerts as well...
If the alert is seriously some sort of TCP port scan or some high-port scan, then you may have to ensure the system security... if you have an always-on internet connection, try to get a NAT device or a NAT hardware-based firewall, which will stop most of the attacks before they reach your machine...
Reporting to some authorities is good, but most of the time these scans come from somewhere else rather than the home country itself...
The information they can get depends on your system security... there are some good sites on enhancing PC security... just search Google and you will get millions of results...
To use Sygate better, maybe try looking into the log files... if the alerts it generated look like they are from your ISP or some broadcast, then you can ignore them. Otherwise, try to harden the machine, patch it up, etc.; with Sygate there is certainly some sort of protection, but not very much.

Expert Comment

ID: 13466014
Port scanning is not deemed illegal in most countries, it is deemed 'not polite' however.

There is not much you can do other than report it to the ISP that hosts this remote individual. The ISP will have an AUP which should cover such behavior, but do not hold your breath because, like I say, it's not illegal. It's no different to someone coming to your front door and knocking to see if anyone is home.

Looks like you have done everything you need to do, which is get personal protection and give yourself the ability to monitor activity. If it persists, just let their ISP know; the owner of the remote box may not even know and could be a victim themselves.



Expert Comment

ID: 13466061
Just reading through the question again with regard to stopping attacks and what people could get.

Port scans can reveal services that your computer is running (e.g. a web server) as well as ports that the computer may be listening on. If people can scan you and obtain a list of services/ports, potentially they could use that information to get access to your machine, completely take it over, and launch attacks against others.

If you can, you should definitely block all access to your box from the internet; it should not break anything unless you have a requirement for someone to access your box.


Author Comment

ID: 13467452
>>There is not much you can do other than report it to the ISP that hosts this remote individual.

How do I find out who their ISP is?

Accepted Solution

tmehmet earned 2000 total points
ID: 13468621
Just do a traceroute to the remote IP; the name of the ISP will be in the traceroute.

Then visit the ISP website and there should be an 'abuse' email address. Put in a portion of your logs that shows the remote machine scanning you and complain that you want it to stop.
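
Added example (not part of the original thread and not any poster's code): a small log triage that separates the noise mentioned above (ISP DNS replies, broadcasts) from a real TCP port scan and produces the log portion to paste into an abuse report. The comma-separated log layout, the threshold of 5 ports in 60 seconds, and the documentation-range IP addresses are all constructed assumptions; this is not Sygate's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: time,proto,src,sport,dst,dport,action (made-up layout).
SAMPLE_LOG = """\
2005-02-28 10:00:01,UDP,192.0.2.53,53,198.51.100.7,1031,blocked
2005-02-28 10:00:05,UDP,198.51.100.20,138,198.51.100.255,138,blocked
2005-02-28 10:02:10,TCP,203.0.113.9,40112,198.51.100.7,21,blocked
2005-02-28 10:02:10,TCP,203.0.113.9,40113,198.51.100.7,23,blocked
2005-02-28 10:02:11,TCP,203.0.113.9,40114,198.51.100.7,80,blocked
2005-02-28 10:02:11,TCP,203.0.113.9,40115,198.51.100.7,135,blocked
2005-02-28 10:02:12,TCP,203.0.113.9,40116,198.51.100.7,445,blocked
2005-02-28 10:30:00,TCP,203.0.113.77,51000,198.51.100.7,80,blocked
"""

def parse(log):
    """Yield (timestamp, proto, src, dst, dport, raw_line) per log line."""
    for line in log.splitlines():
        ts, proto, src, _sport, dst, dport, _action = line.split(",")
        yield (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), proto, src,
               dst, int(dport), line)

def find_scanners(log, my_ip, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: [raw lines]} for sources that hit at least min_ports
    distinct TCP ports on my_ip within the time window."""
    hits = defaultdict(list)
    for ts, proto, src, dst, dport, line in parse(log):
        if proto != "TCP" or dst != my_ip:
            continue  # UDP DNS replies and broadcast traffic are not a TCP scan
        hits[src].append((ts, dport, line))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_win = [e for e in events[i:] if e[0] - start <= window]
            if len({port for _, port, _ in in_win}) >= min_ports:
                scanners[src] = [raw for _, _, raw in in_win]
                break
    return scanners

def abuse_excerpt(log, my_ip):
    """Build the text block to paste into a message to the ISP's abuse address."""
    parts = []
    for src, lines in sorted(find_scanners(log, my_ip).items()):
        parts.append(f"Source {src} sent {len(lines)} probes to {my_ip}:\n"
                     + "\n".join(lines))
    return "\n\n".join(parts)

if __name__ == "__main__":
    print(abuse_excerpt(SAMPLE_LOG, "198.51.100.7"))
```

When sending the excerpt, state the time zone of the timestamps so the ISP can match them against its own records.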



Question has a verified solution.
