Port scanning, or not?

Discussion in 'ESET Smart Security' started by notnoname, Apr 7, 2012.

Thread Status:
Not open for further replies.
  1. notnoname

    notnoname Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    2
    Hi!

    After installing the latest version of Skype, the firewall of ESS has reported that it has blocked multiple port scans from various ip-adresses (not Skype's corporate ip:s). The targeted ports are all used for Skype: 80, 443, and the port for incoming traffic that was originally generated at setup. The port scan attacks are reported when Skype is not running. I am not sure if these are maclicious port scans, or if it they are initiated by Skype on other users' machines. As far as I understand, Skype uses P2P technology, so the reported port scans may just be normal Skype behaviour? The thing that puzzles me is that I would expect the P2P-network that Skype operates on to be informed whether I am connected or not. If so, then nobody should be trying to reach my computer whenever I am not running Skype...?

    Is there anyone who has experienced the same problem and/or knows if these reported port scans can be safely ignored?
     
    notnoname, Apr 7, 2012
    #1
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Do you have a router? Can you post few lines from the log?
     
    Cudni, Apr 7, 2012
    #2
  3. notnoname

    notnoname Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    2
    Hi!

    Yes, I have a router. Below is an excerpt from the log for one particular attempted connection. (I have anonymized the ip addresses.)

    2012-04-07 19:54:16 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
    2012-04-07 19:54:10 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2886 TCP YY.YY.YYY.YY:443
    2012-04-07 19:54:10 The address has been blocked temporarily by active protection (IDS) XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
    2012-04-07 19:54:09 The address has been blocked temporarily by active protection (IDS) YY.YY.YYY.YY:56616 XX.XXX.XXX.XXX:2885 TCP
    2012-04-07 19:54:08 A port scan attack was identified XX.XXX.XXX.XXX:2884 YY.YY.YYY.YY:56616 TCP
    2012-04-07 19:54:07 No application listening on port XX.XXX.XXX.XXX:2888 YY.YY.YYY.YY:80 TCP
    2012-04-07 19:54:07 No application listening on port TCP XX.XXX.XXX.XXX:2886 YY.YY.YYY.YY:443
    2012-04-07 19:54:06 No application listening on port XX.XXX.XXX.XXX:2885 YY.YY.YYY.YY:56616 TCP
    2012-04-07 19:54:05 No application listening on port XX.XXX.XXX.XXX:2884 YY.YY.YYY.YY:56616 TCP
     
    notnoname, Apr 7, 2012
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...