Port scanning, or not?

Discussion in 'ESET Smart Security' started by notnoname, Apr 7, 2012.

Thread Status:
Not open for further replies.
  1. notnoname
    notnoname Registered Member

    Hi!

    After installing the latest version of Skype, the firewall of ESS has reported that it has blocked multiple port scans from various IP addresses (not Skype's corporate IPs). The targeted ports are all used for Skype: 80, 443, and the port for incoming traffic that was originally generated at setup. The port scan attacks are reported when Skype is not running. I am not sure if these are malicious port scans, or if they are initiated by Skype on other users' machines. As far as I understand, Skype uses P2P technology, so the reported port scans may just be normal Skype behaviour? The thing that puzzles me is that I would expect the P2P-network that Skype operates on to be informed whether I am connected or not. If so, then nobody should be trying to reach my computer whenever I am not running Skype...?

    Is there anyone who has experienced the same problem and/or knows if these reported port scans can be safely ignored?
  2. Cudni
    Cudni Global Moderator

    Do you have a router? Can you post a few lines from the log?
  3. notnoname
    notnoname Registered Member

    Hi!

    Yes, I have a router. Below is an excerpt from the log for one particular attempted connection. (I have anonymized the IP addresses.)

    2012-04-07 19:54:16 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
    2012-04-07 19:54:10 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2886 TCP YY.YY.YYY.YY:443
    2012-04-07 19:54:10 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
    2012-04-07 19:54:09 The address has been blocked temporarily by active protection (IDS) YY.YY.YYY.YY:56616 XX.XXX.XXX.XXX:2885 TCP
    2012-04-07 19:54:08 A port scan attack was identified XX.XXX.XXX.XXX:2884 YY.YY.YYY.YY:56616 TCP
    2012-04-07 19:54:07 No application listening on port XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
    2012-04-07 19:54:07 No application listening on port TCP XX.XXX.XXX.XXX:2886 YY.YY.YYY.YY:443
    2012-04-07 19:54:06 No application listening on port XX.XXX.XXX.XXX:2885 YY.YY.YYY.YY:56616 TCP
    2012-04-07 19:54:05 No application listening on port XX.XXX.XXX.XXX:2884 YY.YY.YYY.YY:56616 TCP
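
A triage sketch for an excerpt like the one above, added here as an example (it is not part of the thread and not ESET tooling): it groups inbound attempts per remote address and reports whether any targeted port falls outside the set the application was configured to use. Treating `YY.YY.YYY.YY` as the local address and 56616 as the incoming port Skype generated at setup are assumptions read from the excerpt.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (addresses already anonymised by the poster).
SAMPLE_LOG = """\
2012-04-07 19:54:16 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
2012-04-07 19:54:10 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2886 TCP YY.YY.YYY.YY:443
2012-04-07 19:54:10 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
2012-04-07 19:54:09 The address has been blocked temporarily by active protection (IDS) YY.YY.YYY.YY:56616 XX.XXX.XXX.XXX:2885 TCP
2012-04-07 19:54:08 A port scan attack was identified XX.XXX.XXX.XXX:2884 YY.YY.YYY.YY:56616 TCP
2012-04-07 19:54:07 No application listening on port XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
2012-04-07 19:54:07 No application listening on port TCP XX.XXX.XXX.XXX:2886 YY.YY.YYY.YY:443
2012-04-07 19:54:06 No application listening on port XX.XXX.XXX.XXX:2885 YY.YY.YYY.YY:56616 TCP
2012-04-07 19:54:05 No application listening on port XX.XXX.XXX.XXX:2884 YY.YY.YYY.YY:56616 TCP
"""

ENDPOINT = re.compile(r"([0-9A-Za-z.]+):(\d+)")  # also matches anonymised addresses

def summarize(log, local_addr, app_ports):
    """Group inbound attempts by remote address and compare targeted ports with app_ports."""
    seen = defaultdict(lambda: {"ports": set(), "attempts": set(), "events": set()})
    for line in log.splitlines():
        parts = line.strip().split(" ", 2)      # date, time, remainder
        if len(parts) < 3:
            continue
        rest = parts[2]
        ends = ENDPOINT.findall(rest)           # timestamp already split off
        if len(ends) != 2:
            continue                            # not a source/target record
        (src, sport), (dst, dport) = ends
        if dst != local_addr:
            continue                            # outbound direction, skip
        entry = seen[src]
        entry["ports"].add(int(dport))
        entry["attempts"].add((int(sport), int(dport)))
        # Event text precedes the first endpoint; "TCP" may sit before or after the endpoints.
        entry["events"].add(rest[: rest.index(src + ":")].replace(" TCP", "").strip())
    return {
        remote: {
            "ports": sorted(e["ports"]),
            "unexpected": sorted(e["ports"] - set(app_ports)),
            "attempts": len(e["attempts"]),     # distinct (source port, target port) pairs
            "scan_flagged": any("port scan" in ev for ev in e["events"]),
        }
        for remote, e in seen.items()
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "YY.YY.YYY.YY", {80, 443, 56616}))
```

An empty `unexpected` list means every targeted port belongs to the application's own configuration; a non-empty one lists the ports that do not.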