Continous port scanning

Discussion in 'ESET Smart Security' started by nikanthpromod, Nov 4, 2009.

Thread Status:
Not open for further replies.
  1. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    ESET personal firewall log showing a lot of port scanning attacks from source
    67.202.28.159.12200. Attacking always . what to do with thiso_O??
    I checked ip address in http://whatismyipaddress.com
    its showing

    General Information

    Hostname: ec2-67-202-28-159.compute-1.amazonaws.com
    ISP: AMAZON.COM
    Organization: AMAZON.COM
    Proxy: None detected
    Type: Corporate

    Geo-Location Information

    Country: United States
    State/Region: FL
    City: Miami
    Latitude: 25.7615
    Longitude: -80.2939
    Area Code: 305
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello nikanthpromod,

    Do you have any Amazon add-ons or plug-ins installed? This could be some type of communication going to those that is being detected in error.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello nikanthpromod,

    Are you running any type of server (such as an HTTP server)?
    From the limited info given, it could be a search engine spider.
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Another possibility might be a program which uses Amazon's Web Services, such as a data backup program which stores your information on the Internet.

    Regards,

    Aryeh Goretsky
     
  5. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    No amazon plugins installed, I didnt use any amazon services.
    I have Firefox as my web browser and google as my search engine.
    But firefox contains amazon search engine but i never used that.

    Continously port scanning every time i enter internet.o_O
    Ihave ESET SS , WINPATROL , REAL TIME DEFENDER
    FIREFOX WITH ADBLOCK PLUS, DOWNLOAD HELPER, SMOOTH WHEEL & JAVA quick starter ADDONS
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    If you open a Command Prompt (filename: CMD.EXE) and issue a "netstat -b" command, do you see any programs connecting to 67.202.28.159 on port 12000? If so, which ones? If you are running Microsoft Windows Vista or Windows 7 you may need to open an elevated Command Prompt.

    Regards,

    Aryeh Goretsky
     
  7. markdormer

    markdormer Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    1
    I am getting port scanning from that IP and if you browse it you may notice it doesn't look very amazon like.

    There is a file with a list of ip addresses
    3 directories alexa, checkcc and spam.

    Looks dodgy to me.

    Regards
    Mark Dormer
     
  8. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    no. no programs connecting to that ip.

    Surprisingly today i didnt receive any attack from that ip.:D

    I think they are tired:D
     
  9. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    I scanned my pc(win xp) with Hitman pro , MBAM , SAS , ESET , DR.WEB cureit.
    Nothing found. So I think my pc is not infected. Eset blocked port scanning too.

    So im not in danger , right??
     
  10. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Another prot scanning attack fom 174.129.67.14.12200:doubt: :(

    General Information

    Hostname: ec2-174-129-67-14.compute-1.amazonaws.com
    ISP: AMAZON.COM
    Organization: AMAZON.COM
    Proxy: None detected
    Type: Corporate

    Geo-Location Information

    Country: United States
    State/Region: WA
    City: Seattle
    Latitude: 47.5839
    Longitude: -122.2995
    Area Code: 206


    I think, I receive these attacks when i use Facebook.:'(
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Dont worry about scans. Most are just automated scans being made against thousands+ of IPs looking for server ports (possible un-patched server software) it is why I asked if you where running a server.

    If I set my firewall to log these blocked scans, then I also see hundreds of scans a day. I just ignore them and usually do not log them.


    - Stem
     
  12. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Perhaps an application or service provided by Facebook hosts its data on Amazon.

    Regards,

    Aryeh Goretsky
     
  13. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Thanks for ur replies.:) :thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.