3 Port scans... help, please!

Discussion in 'other firewalls' started by Brian2005, Sep 8, 2005.

Thread Status:
Not open for further replies.
  1. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Hi everyone,

    I am using Outpost (latest stable version out which is 2.7 and something I believe) and I was looking up an artist's name in Itunes to buy some music from them when Outpost told me that an Intruder was blocked and it was a port scan. Is this normal for Itunes or?

    That was earlier in the day. Tonight, I visited a website called PCpitstop.com to scan my system and how good or bad of condition its in but I never did the test. I just went off to another webpage. But now, 30 mins later... I get a visual alert saying Intruder blocked, and it was done by PCPitstop.com.

    I find this strange... could these be false positives or could these be real attacks?

    Thanks, hope someone can relieve my worries over these sudden, odd intrusions.

    - Brian
     
  2. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    12 views... can anyone give me a clue? I just am worried why it would of detected port scans..... o_O
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    better to detect them and block them than not ;)
     
  4. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Hey Bigc :), ok true... I have it set to block the intruder for 60 minutes.
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    When trying to determine what you are seeing complete log entries help. Just xxx the end of your public IP.

    Regards,

    CrazyM
     
  6. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Hi,

    Well, I find it very unusual to have such frequent, out of the blue "attacks" because I have a router and I also had Windows Firewall on and never have gotten any alert of anything. The day I install Outpost is the day I've noticed all these windows about different port scans being detected.

    One detected to some website thats called: wiltel . com

    The others occured when I was webcamming with a friend on MSN Messenger, and I used the PCFlank Plugin for Outpost "WhoEasy" and they traced back to that website wiltel . com and Microsoft.

    Again I just find it odd but any ideas would help. Here is a picture of what I see, I cleared out the IP addresses of the intruders but if a picture with their IP addresses would help, then I have that.
     

    Attached Files:

  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Something more along the lines of the following would help:
    denied udp 222.141.93.17(47870) -> 154.xx.xxx.xx(1026)
    denied udp 222.141.93.17(47870) -> 154.xx.xxx.xx(1027)

    It helps to include protocol, source IP/port, destination IP/port. Do the events you are mentioning have all this?

    Regards,

    CrazyM
     
  8. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    I was looking at the Outpost forum and another person said they had the same problem but they don't think its anything to worry about. Feel safer using MSN Messenger :)
     
  9. Brian2005

    Brian2005 Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    65
    Location:
    USA
    Thank you CrazyM for your help though, and no I do not... not that I see. I was more less nervous and had to post but not thinking before I should, to check Outpost forum for any known issues and so forth. I apoligize, but again, I don't think I need to worry :).

    ~ Brian
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    No need to apologize. The idea was to get the detailed logs in order to get a better idea of what you may be seeing and why. If these are just false alarms in Outpost it would be nice to know.

    Regards,

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.