Continous port scanning

Discussion in 'ESET Smart Security' started by nikanthpromod, Nov 4, 2009.

Thread Status:
Not open for further replies.
  1. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    ESET personal firewall log showing a lot of port scanning attacks from source
    67.202.28.159.12200. Attacking always . what to do with thiso_O??
    I checked ip address in http://whatismyipaddress.com
    its showing

    General Information

    Hostname: ec2-67-202-28-159.compute-1.amazonaws.com
    ISP: AMAZON.COM
    Organization: AMAZON.COM
    Proxy: None detected
    Type: Corporate

    Geo-Location Information

    Country: United States
    State/Region: FL
    City: Miami
    Latitude: 25.7615
    Longitude: -80.2939
    Area Code: 305
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello nikanthpromod,

    Do you have any Amazon add-ons or plug-ins installed? This could be some type of communication going to those that is being detected in error.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello nikanthpromod,

    Are you running any type of server (such as an HTTP server)?
    From the limited info given, it could be a search engine spider.
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Another possibility might be a program which uses Amazon's Web Services, such as a data backup program which stores your information on the Internet.

    Regards,

    Aryeh Goretsky
     
  5. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    No amazon plugins installed, I didnt use any amazon services.
    I have Firefox as my web browser and google as my search engine.
    But firefox contains amazon search engine but i never used that.

    Continously port scanning every time i enter internet.o_O
    Ihave ESET SS , WINPATROL , REAL TIME DEFENDER
    FIREFOX WITH ADBLOCK PLUS, DOWNLOAD HELPER, SMOOTH WHEEL & JAVA quick starter ADDONS
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    If you open a Command Prompt (filename: CMD.EXE) and issue a "netstat -b" command, do you see any programs connecting to 67.202.28.159 on port 12000? If so, which ones? If you are running Microsoft Windows Vista or Windows 7 you may need to open an elevated Command Prompt.

    Regards,

    Aryeh Goretsky
     
  7. markdormer

    markdormer Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    1
    I am getting port scanning from that IP and if you browse it you may notice it doesn't look very amazon like.

    There is a file with a list of ip addresses
    3 directories alexa, checkcc and spam.

    Looks dodgy to me.

    Regards
    Mark Dormer
     
  8. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    no. no programs connecting to that ip.

    Surprisingly today i didnt receive any attack from that ip.:D

    I think they are tired:D
     
  9. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    I scanned my pc(win xp) with Hitman pro , MBAM , SAS , ESET , DR.WEB cureit.
    Nothing found. So I think my pc is not infected. Eset blocked port scanning too.

    So im not in danger , right??
     
  10. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Another prot scanning attack fom 174.129.67.14.12200:doubt: :(

    General Information

    Hostname: ec2-174-129-67-14.compute-1.amazonaws.com
    ISP: AMAZON.COM
    Organization: AMAZON.COM
    Proxy: None detected
    Type: Corporate

    Geo-Location Information

    Country: United States
    State/Region: WA
    City: Seattle
    Latitude: 47.5839
    Longitude: -122.2995
    Area Code: 206


    I think, I receive these attacks when i use Facebook.:'(
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Dont worry about scans. Most are just automated scans being made against thousands+ of IPs looking for server ports (possible un-patched server software) it is why I asked if you where running a server.

    If I set my firewall to log these blocked scans, then I also see hundreds of scans a day. I just ignore them and usually do not log them.


    - Stem
     
  12. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Perhaps an application or service provided by Facebook hosts its data on Amazon.

    Regards,

    Aryeh Goretsky
     
  13. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Thanks for ur replies.:) :thumb:
     
Thread Status:
Not open for further replies.