Port Scans

Posted on 2006-04-28
Last Modified: 2008-02-01
i keep seeing an alert in my firewall logs for a possible port scan being dropped
the scan is always initiated from, 80 WAN on TCP ports: 3876, 3877, 3878, 3880, 3881 or some combination of those ports.
i looked up the ports
dl_agent      3876      DirectoryLockdown Agent
xmpcr-interface      3877      XMPCR Interface Port
fotogcad      3878      FotoG CAD interface
appss-lm      3879      appss license manager
microgrid      3880      microgrid
idac      3881      Data Acquisition and Control

what is this and how to i stop it?
Question by:zephyr_hex
    LVL 51

    Expert Comment

    > what is this and how to i stop it?
    you cannot stop it (except you have access to the mashine with that IP)
    simply block all access from that IP in your firewall
    LVL 4

    Expert Comment

    You'll laugh to know whose this IP address is:  247ms  259ms  261ms  TTL: 53  ( ok)

    If you enter into your browser you'll get here :)
    I'm sure I once stumbled upon discussion on this site about this issue exactly - someone reported
    that she's being scanned by, the conclusion was whatever it may be there's
     no logical reason for to do it. E.g. in nmap you have option to enter 'decoy'
    IP addresses so they will be used in scans, and not the real IP of the sender. If return IP was
    spoofed , there's no way to track the real scanner unless you have access to all intermediate
    points of transfer (i.e. routers). Only big guns like FBI, NSA, AFOSI can get such access.

    IF you do block access, you'll cut off access to expert-exchange :)
    Conclusion - forget about it.

    Or, if you are real keen on digging the truth, you can install network sniffer (Ethereal is free and the best, for Windows laso Winpcap capturing library should be installed) and capture all the traffic
    for correlation and investigation. It's a lot of work and success is not guaranteed.

    Of course port assignments (those higher than 1024) are superficial.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    As Yurisk states, that IP address is one of ours.....

    LVL 42

    Author Comment

    ha... well... so much for trying to block the IP ;)

    is this scanning any kind of indicator that one of my client computers has spyware on it?
    do i need to be concerned about the scanning (should i spend the time and effort to hunt it down)?

    i checked one of our other locations...and they have something similar going on (not with an EE IP, but with a different source IP : )
    i tried a lookup on that IP and got nothing, but if it's anything like the scan on the ports of the firewall i have here at my location, it is spoofed.
    LVL 4

    Accepted Solution

    is this scanning any kind of indicator ..?  No, it's not. If it were OUTgoing connections from the
    machine in question then it would be yes.

    do i need to be concerned about the scanning ?  in 90% of  cases in general not. Not at all regarding these particular scans.  is not a machine,but network appliance (most probably border router)
    LVL 51

    Expert Comment

    > .. the scan on the ports of the firewall i have here at my location, it is spoofed.
    do you mean that you make thes observations at your firewall? Does this also mean that your firwall cannot detect spoofed IPs? Then I'd first get rid of that so-called firewall ;-)

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    This video discusses moving either the default database or any database to a new volume.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now