3 Port scans... help, please!

Discussion in 'other firewalls' started by Brian2005, Sep 8, 2005.

Thread Status:
Not open for further replies.
  1. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Hi everyone,

    I am using Outpost (latest stable version out which is 2.7 and something I believe) and I was looking up an artist's name in Itunes to buy some music from them when Outpost told me that an Intruder was blocked and it was a port scan. Is this normal for Itunes or?

    That was earlier in the day. Tonight, I visited a website called PCpitstop.com to scan my system and how good or bad of condition its in but I never did the test. I just went off to another webpage. But now, 30 mins later... I get a visual alert saying Intruder blocked, and it was done by PCPitstop.com.

    I find this strange... could these be false positives or could these be real attacks?

    Thanks, hope someone can relieve my worries over these sudden, odd intrusions.

    - Brian
     
  2. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    12 views... can anyone give me a clue? I just am worried why it would of detected port scans..... o_O
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    better to detect them and block them than not ;)
     
  4. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Hey Bigc :), ok true... I have it set to block the intruder for 60 minutes.
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    When trying to determine what you are seeing complete log entries help. Just xxx the end of your public IP.

    Regards,

    CrazyM
     
  6. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Hi,

    Well, I find it very unusual to have such frequent, out of the blue "attacks" because I have a router and I also had Windows Firewall on and never have gotten any alert of anything. The day I install Outpost is the day I've noticed all these windows about different port scans being detected.

    One detected to some website thats called: wiltel . com

    The others occured when I was webcamming with a friend on MSN Messenger, and I used the PCFlank Plugin for Outpost "WhoEasy" and they traced back to that website wiltel . com and Microsoft.

    Again I just find it odd but any ideas would help. Here is a picture of what I see, I cleared out the IP addresses of the intruders but if a picture with their IP addresses would help, then I have that.
     

    Attached Files:

  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Something more along the lines of the following would help:
    denied udp 222.141.93.17(47870) -> 154.xx.xxx.xx(1026)
    denied udp 222.141.93.17(47870) -> 154.xx.xxx.xx(1027)

    It helps to include protocol, source IP/port, destination IP/port. Do the events you are mentioning have all this?

    Regards,

    CrazyM
     
  8. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    I was looking at the Outpost forum and another person said they had the same problem but they don't think its anything to worry about. Feel safer using MSN Messenger :)
     
  9. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Thank you CrazyM for your help though, and no I do not... not that I see. I was more less nervous and had to post but not thinking before I should, to check Outpost forum for any known issues and so forth. I apoligize, but again, I don't think I need to worry :).

    ~ Brian
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    No need to apologize. The idea was to get the detailed logs in order to get a better idea of what you may be seeing and why. If these are just false alarms in Outpost it would be nice to know.

    Regards,

    CrazyM
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.