Solved

How do I stop unwanted port scan attacks so I can join and use Facebook?

Posted on 2010-11-10
7
1,758 Views
Last Modified: 2012-05-10
Hello. I have a question. I noticed that after joining Facebook in January 2010 for the first time, I had issues with port scan attacks on my computer, as the attacks were originating from some location in inland China. My computer’s 3rd party security solution software program, namely the firewall component, was protecting me and delivering messages about the attacks on my system. I found from the reported IP address my firewall provided me that it was somewhere deep in China that was attacking me. At the time I had Windows XP Media Center Edition 2005. I live in the USA. I use a cable internet provider with a cable modem only. I contacted my cable internet provider and told them the issue. They stated that they would report it (send the information on) and that I should no longer be receiving any attacks, as if they blacklist them. However, I was still receiving the attacks. I think reporting their IP address is somehow ineffective, whether or not this action was ever resolved at a higher administrative level. If they did resolve this issue, the offending attacker may be using another IP address to still attack me. I did get several IP addresses, all located in one of two locations in China. I guess there are extraneous circumstances in how these port scan attacks were still being done when I reported it. It may be out of the control of my cable ISP. I still received the port scan attacks. So I found my cable ISP cannot do anything to resolve the system attacks on my end.

I was receiving these port scan attacks right after joining Facebook. So I researched this and found at the time that system attacks do occur for members of Facebook and something through my IP address is how they are attacking me. Yet, when I ask other Facebook members about getting such attacks, they reply stating they do not get anything of the sort. These port scan attacks occurred about 30-50 times a day. It was nice to know my firewall was doing its job and blocking my system’s ports. So after getting annoyed and irritated with port scan blocking from my firewall, I decided to terminate my Facebook account in late February 2010 in hopes this would go away. I know it takes time for your account to be permanently deleted, as long as I never log back into my account ever again. It just so happens the port scan attacks started to decrease in number over time too. Approximately 5 months after the closure request for my Facebook account, I finally received the last attack. Since that time, I have been free of any more port scan attacks.

Now I am using Windows 7 Professional along with the same security solution software I had in Windows XP Media Center Edition 2005.

Here is the thing: I would like to rejoin Facebook soon, but I am not too happy about the thought of enduring another series of port scan attacks.

So my question is:

1. What do they want when these offending attackers attack my system?
2. What can I do to stop these port scan attacks this time around?
3. Is there any way to alter or hide my IP address at my discretion when I create a new account and/or sign in to Facebook?
4. What are the proper channels to resolve an issue like this? (If you focus on my ISP: a different strategy, means or process through my cable ISP, by chance?)
5. Any other possible or probable answers or solutions you can think of yourself to help lessen, remove and/or end these attacks?
 
Please reply.

Thank you!  
Question by:ComputerCamper
7 Comments
 
LVL 7

Accepted Solution

by:
justadad earned 500 total points
ID: 34109360
I personally think the port scan attacks and the Facebook account do not have anything in common, especially if your service gets a DHCP-assigned IP address, as your IP address would change over time. If you have your computer directly connected to the cable modem without a router, even with some software firewalls a port scan can still determine what OS you have, which would then have them start to scan more things.

1. To find any weakness so that they can use scripts to take control and use your computer to send spam or for other nefarious purposes.
2, 5. Put in a hardware firewall/router so that it intercepts all port scans and your computer never sees them. If you have a consumer-level router/FW with NAT, make sure that your computer is not set as the "DMZ" computer. Putting in a HW firewall will free up your main computer's CPU from having to inspect each packet. I found one sped up my browsing when I first got one 10 years ago.
3. Use an "anonymizing proxy" service to connect to Facebook.
4. Changing your static IP address would be one way to do it.
5. See 2.
0
 

Author Comment

by:ComputerCamper
ID: 34113578
@ justadad:

Hello. Thanks for your reply.

Your solutions appear very rational and reasonable to me. The hardware firewall from a router is something I will consider then.

Question 1: Does a router (a separate piece of hardware in my case) that has a hardware firewall in it have to be running wireless in order to work or not to still have the hardware firewall working? In other words, can I turn off the wireless capability or option and still have hardware firewall working for me just by being wired ONLY between the modem and the computer?

Question 2: Please tell me more about a "DMZ computer" and what you mean about "... make sure that your computer is not set as the 'DMZ' computer"? (A new term for me that I would like to hear more about please. I have heard no one mention that to me before.)

Question 3: Please tell me more about the "anonymizing proxy"? How does it work, how do I get one, and how do I setup one?

Just to let you know I have a cable ISP and my dynamic IP address has not changed in a long time now. I must have an ISP that has long term leases.    

Please reply.

THANK YOU!!!
0
 
LVL 7

Assisted Solution

by:justadad
justadad earned 500 total points
ID: 34115438
Q1. Short answer YES. You can disable the wireless.  But you can also buy one that does not contain any wireless function too and save $5. As an example I just looked at buy.com and looked at wired routers. They had a Linksys one that was refurbished that would handle what you need for $15.99 with free US shipping. They had other new ones less than $40.

Q2. Don't worry about it, as it is not turned on by default on the routers. Basically, if you have 1 computer that you were using to serve certain applications, you would set your router to forward all ports to that one machine. In that case a port scan would pass through to that machine.

Q3. You can google that term and find lots of anonymizing proxies, however you would have to trust them to not be tracking your stuff. The oldest most reputed one is http://www.anonymizer.com/ but I don't think it is free anymore.
0
 

Author Comment

by:ComputerCamper
ID: 34117776
@ justadad:

Thank you for your answers and solutions. I'll tell you, of the users and IT professionals out there that I have talked to, your sensible and practical solutions are different and wonderful. I just do not hear from others your kind of REAL answers/solutions that would work wonderfully.

I have two further questions before I end this question, since YOU are the only source of information regarding the issue, which you seem to completely understand:

A) Further explaining question number 2 above: Do you have any 'good weblinks' YOU REGARD as valuable and reliable information online that I can read about this so I do not keep bugging you.
(Your statement: "Put in a hardware firewall/router so that it intercepts all port scans and your computer never sees it.  If you have a consumer level router/fw with NAT make sure that your computer is not set as the "DMZ" computer. Putting in a HW firewall will free up your main computer CPU from having to inspect each packet. I found one sped up my browsing when I first got one 10 years ago.".) I would love to learn more about this.

B) Also, any general information defining the steps or process regarding your statement, "...you would set your router to forward all ports to that one machine." I am curious how to do this. If you would rather not outline steps and have a really good link on how to do this, please reply with that link.

I would love to learn more on my own about this without bugging you any further.

Please reply one last time.

Thank you!

     
0
 
LVL 7

Assisted Solution

by:justadad
justadad earned 500 total points
ID: 34117963
A great movie that illustrates what a firewall and router do is "Warriors of the Net": http://www.youtube.com/watch?v=LGnJw9rtjas

1. The feature of the firewall that will stop your port scans is the NAT, or Network Address Translation. When your computer browses the Internet, the firewall tells the web server on the other side to reply on a specific port. That port is then open for replies. It is some very high random port. When the reply comes, the FW looks at its state table to look up the request, to know which machine on the inside to send the packet to and what original reply port number your machine had used. The firewall also uses something called Stateful Packet Inspection to look at the packets it receives before passing them on, to make sure that the reply is a genuine reply coming back to you. In some cases this doesn't work, but for most consumers that is very rare. Those cases are when you enable the forwarding of specific ports. Many firewall/routers come with predefined rules for applications that you would need to open a port for, if that is the case. And in the even rarer case that that doesn't work, you enable the DMZ feature of the firewall that I mention in number 2 below... but again, I would only use that as the last resort. You would be better off forwarding an individual port that you know you need.


2. You can read some from the Linksys Manual of one of the routers you could buy at: http://homedownloads.cisco.com/downloads/userguide/1224641229113/BEFSR41_V43_UG_NC-WEB.pdf
Then look at the section titled: Applications and Gaming > DMZ on page 12 (pdf page 14).
However, if you have only one computer and you turn it on for your computer, then it would be very similar to having your computer plugged directly into the Internet without a firewall at all. All port scans would be passed right through to it instead of the firewall dropping those scan packets. The firewall wouldn't be doing any of the stateful packet inspection and would just pass all things right in.


I hope that I did not send you down a rabbit hole on that one. :-)

0
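The NAT state table, single-port forwarding and DMZ behaviour described in the answer above can be modelled in a few lines. This is an added example, not part of the original thread and not any router's real firmware; the `NatRouter` class, its method names, the port numbers and all IP addresses are constructed for illustration, and the model ignores timeouts and TCP flags.

```python
import itertools

class NatRouter:
    """Toy model of a consumer NAT router (constructed, simplified)."""

    def __init__(self):
        self.state = {}       # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}    # public port -> (lan_ip, lan_port): single-port forwarding
        self.dmz_host = None  # LAN IP that receives ALL otherwise-unmatched traffic
        self._next_port = itertools.count(50000)  # high reply ports

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN machine opens a connection; remember it in the state table."""
        public_port = next(self._next_port)
        self.state[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Return (verdict, lan_ip, lan_port) for a packet arriving from the Internet."""
        entry = self.state.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return ("reply", entry[0], entry[1])          # genuine reply to our request
        if public_port in self.forwards:
            return ("forward", *self.forwards[public_port])
        if self.dmz_host:
            return ("dmz", self.dmz_host, public_port)    # everything passes through
        return ("drop", None, None)                       # unsolicited: PC never sees it

def probes_reaching_lan(router, scanner_ip, ports):
    """Count how many probes of a scan are delivered to a LAN machine."""
    return sum(router.inbound(scanner_ip, 40000, p)[0] != "drop" for p in ports)

def demo():
    pc, web, scanner = "192.168.1.100", "198.51.100.5", "192.0.2.66"  # constructed addresses
    probes = [21, 22, 23, 80, 135, 139, 445, 3389]
    r = NatRouter()
    port = r.outbound(pc, 51515, web, 443)
    out = {"reply": r.inbound(web, 443, port),
           "wrong_sender": r.inbound(scanner, 443, port),
           "default": probes_reaching_lan(r, scanner, probes)}
    r.forwards[80] = (pc, 80)
    out["one_forward"] = probes_reaching_lan(r, scanner, probes)
    r.dmz_host = pc
    out["dmz"] = probes_reaching_lan(r, scanner, probes)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the default configuration none of the eight probes reach the PC, one forwarded port exposes exactly that port, and setting the PC as DMZ host delivers every probe.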
 

Author Comment

by:ComputerCamper
ID: 34117996
@ justadad:

Thanks for your reply. You didn't send me 'down a rabbit hole on that one'. I like to learn and am willing to go out of my way in order to learn it... and YOUR 'REAL' SOLUTIONS AND ANSWERS 'I WANT' TO LEARN!!!

Question closed...    
0
 

Author Closing Comment

by:ComputerCamper
ID: 34118029
justadad provided me an excellent, practical and useful solution that WILL WORK!!! ...actually MORE THAN ONE practical and useful solution will work!

Since justadad was the only one that replied and provided outstanding answers/solutions, justadad's first response is the “accepted solution”, laying down the framework that answers my questions specifically. The rest of justadad's responses are excellent, well-defined “assisted solutions”. Justadad gets full credit!

Again, thank you!
0
