find what program that can cause constant port scans?

i have outpost firewall, the other day i was getting constant port scans from 1 IP to ports TCP (4536, 4752, 2597, 4804, 1795, 1733)

The ip isnt chinese etc, but from Zuerich of all places.

i looked up in the firewall, but the process name was not available

This happens several times an hour, and each time the ip is blocked for 5 min as in the outpost rules.

the only solution i can think of is to exclude a program from startup 1 by one to see what happens.

 

If someone from outside scans you don't need to check installed programs. They have nothing to do with him.

Just ban his IP forever and you are done

 

well, ive checked the logs and it seems to be tcp 4662 thats noted in outpost logs.

ive changed the external ip, and it still ongoing.

But the attack warnings seems to stop when i connect straight to the modem, and not through the router.

But the router settings havent been changed for a while, and this just started some days ago. Also the outpost rules havent been changed too much.

so to sum up, connected straight to modem-> no warnings in outpost

pc->router->modem = attack warnings everytime.

 

Do you use P2P software (emule?)

Reset your router. All inbound should be stopped/blocked at this layer, unless you have set port_forward (some P2P/torrent clients can open ports in your router via uPnP)

 

emule was on, for an rare occasion but tcp port 4662 is not used.

the attack notices comes also when emule is not running.

ill save the config and reset router see if that helps

 

When you run eMule, the settings within eMule (the inbound you set/allow for TCP/UDP) will be passed to the servers/other eMule users. While eMule is running, these inbound will be allowed,.. But when you close eMule, the servers/ other users will still be trying to connect in, This is when the firewall will block/ show alerts /log the blocked packets. (port 4662 is the default TCP inbound for eMule,... if you are not wanting / allowing the inbound (for inbound server/ other user connection / high ID) then disable this in eMule network settings)

 

ah, thanks.

Rarely use emule, combined with new router and outpost firewall would probably do this.....