firewall question

Discussion in 'other firewalls' started by Rita, Aug 7, 2004.

Thread Status:
Not open for further replies.
  1. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hey everyone
    last night i noticed my firewall icon blinking so i click up the security log and it said someone scanning ports so i do a backtrace and it gave this message:% objects are in RPSL format.what does this mean?
    thanks
    Rita
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Rita, try www.dnsstuff.com, it's website can trace the IP address of the person who scanned you.
    I also have been getting several port scans these days, anyway all my ports are stealthed out 100%.
    Eg:
    Somebody is scanning your computer.
    Your computer's TCP ports:
    2745, 5000, 6129, 3140 and 80 have been scanned from **********
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Not an expert on this stuff, but here is what I believe is happening. When you did a trace, the IP if the intruder is looked up in a Internet Registry. The data displayed is in a format known as RPSL, or Routing Policy Specification Language. See here and here.
     
  4. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi Nadirah
    i traced the ip address for both that were scanning ports and they were earthlink network and enjoy world from Seoul Korea--thanks for the link.what does this mean?is it important?excuse my ignorance but if firewall is flashing have these scans been blocked?
    thanks
    Rita
    Rita
     
  5. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi Daisey
    thanks for link i went and read it but im afraid i didnt really understand any of it.i have so much to learn sometimes its overwhelming.thank you for trying to help :) someday i will understand i promise
    thanks
    Rita
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Rita

    If you are ever curious about the IP's showing up in your firewall logs, it is better to use one of the online lookup sites like nadirah linked to. If you do these querries via options in your firewall and on your own system, some of these lookups and traceroutes will result in your system contacting the system being querried and you could end up showing up in their logs (so much for stealth if you are concerned about that).

    It is normal to see scans and worm activity coming from all over the globe.

    Yes your firewall has blocked these unsolicited inbound packets.

    Regards,

    CrazyM
     
  7. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Yes, any firewall will block these scans. More importantly, make sure all your ports are either blocked/stealthed.
     
  8. JRosenfeld

    JRosenfeld Registered Member

    Joined:
    Jul 26, 2004
    Posts:
    117
  9. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Hi CrazyM
    thank you for your reply and if i do any more traces i'll use an online lookup site that Nadirah linked me to as you said.--is there really any benefit to doing a backtrace if the firewall has blocked them other than just curiosity?I have never used a firewall till about 2 weeks ago so i dont know much about them
    thanks
    rita
     
  10. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv

    hi
    thank you for the link--i'll check it out

    Rita
     
  11. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear ritaann, portscans are very common and most of the time harmless when you're using a good firewall. so no need to lose sleep over this matter unless you have a regular visitor. most people select a random block for portscan and if for some reason someone is hellbent on your IP then you should report this attack to his/her ISP. try to hide your IP as much as you can specially if you're using a static one. most ISPs doesn't tolerate portscanning so i'm sure there will be some action.
     
  12. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi crazym
    could you tell me about executable files?firewall was flashing and i looked at the security log and it was an executable file outgoing from a spyware scanner i have(a squared two)that was blocked.what does this mean?anything?
    thanks
    rita
     
  13. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Curiosity mostly, as users sometimes like to see where all those scans showing up in their logs are coming from. Some may like to monitor logs for trends which would include things like source IP's (and where they are) and ports being scanned. If you were ever to experience a real attack, then information provided by some of these utilities would be helpful in determining who to contact if you were to follow up on it. (Don't worry, most home users never experience a real attack.)

    Does this program that was blocked have an update feature that may have been trying to access the Internet? You will need to confirm that it is a trusted program, and if so, do you want to create a rule to allow it access to the Internet. I take it your current settings are blocking anything not allowed out, the alternative being to have the firewall prompt?

    Regards,

    CrazyM
     
  14. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv

    Hi CrazyM
    yes,this program does have an update feature and i have already checked yes to allow it to access internet when the firewall prompted me one day and i clicked yes not to ask me again.but i bet its what it is anyway.thanks so much for your reply
    Rita
     
  15. mismis29

    mismis29 Registered Member

    Joined:
    Jul 15, 2004
    Posts:
    74
    Location:
    Ottawa, Canada
    Hey all :)

    I've been reading all the posts and must say that you guys are full of great advice! I was just wondering where to go to test my firewall?

    Thanx a bunch!
     
    Last edited: Aug 16, 2004
  16. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi mismis29,

    Try the Shields Up at GRC.com.
    Click on the Shields up picture, then scroll down near the bottom of the page for the Shields up link.
    There are other good ones too, but GRC is pretty fast.
     
  17. mismis29

    mismis29 Registered Member

    Joined:
    Jul 15, 2004
    Posts:
    74
    Location:
    Ottawa, Canada
    Thanx for the suggestion! I'll give it a try.
     
  18. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi mismis29.... yes that GRC site listed by Devinco ;) is very good, it was probably one of the first out there.

    There are 3 main tests you can take there. File Sharing, Common Ports and All Service Ports. Also check to see if you can be Messenger Spammed, and Browser Headers info.

    Also, you may like to try this lot out in THIS Thread.

    I've listed a lot of sites for various tests, etc. including AV's, Browsers, Firewalls.

    Have fun. :D

    Cheers, TAS
     
Loading...
Thread Status:
Not open for further replies.