ESS gives me port scanning attacks

Discussion in 'ESET Smart Security' started by FerdyB, Aug 30, 2012.

Thread Status:
Not open for further replies.
  1. FerdyB

    FerdyB Registered Member

    Joined:
    Aug 30, 2012
    Posts:
    4
    Location:
    Netherlands
    Hello,

    See the attachment please.
    Can I do something about this messages?
     

    Attached Files:

  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Not sure what server / device the subnet 58.218.199.0/255.255.255.0 belongs to. If it's 100% trustworthy, you can exclude it from active protection in the zone setup.
     
  3. FerdyB

    FerdyB Registered Member

    Joined:
    Aug 30, 2012
    Posts:
    4
    Location:
    Netherlands
    Thanks for your reply!

    I also don't know what server / device the subnet 58.218.199.0/255.255.255.0 belongs to. So it's not 100% trustworthy.

    Can I check what is the origin of this IP in any way?
     
  4. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    I believe the 58.218.199 is in China-perhaps Jiangsu province (hackers/exploiters I would think). I have had the same (IP) attacks in the past. There are several ways to look up IPs, as I am not an IT/AV expert, I just input part of the address in to Dogpile.com (my search engine of choice) and scan the results list for a clue. Crude, but it mostly works. That way I don't have to go to unknown websites (unknown to me) to check further. To the best of my knowledge Dogpile has never caused an issue for me. Of course, the results it list, depending on the site, may or may not be safe.
     
    Last edited: Aug 30, 2012
  5. FerdyB

    FerdyB Registered Member

    Joined:
    Aug 30, 2012
    Posts:
    4
    Location:
    Netherlands
    Thanks for your reply!

    Maybe if I can get a new public IP address of the ISP, my problem will be solvedo_O I give it a try and let you know here.
     
  6. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    I use AT&T DSL here in Ohio and I know when I restart (off, wait then on) my DSL modem, it assigns me a new IP (maybe my terminology is incorrect). Depending what IP band(s) the Chinese are scanning, this seems to aleviate their attacks-as I am in a different IP band. This procedure gives me a 50/50 chance.
     
  7. FerdyB

    FerdyB Registered Member

    Joined:
    Aug 30, 2012
    Posts:
    4
    Location:
    Netherlands
    @Tomface
    My ISP also changed the public IP address when I unplug, wait a while and reconnect. So I hope it works, I let you know.
     
Thread Status:
Not open for further replies.