port scans

Discussion in 'General Topics' started by gerardwil, Aug 25, 2006.

Thread Status:
Not open for further replies.
  1. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Minor issue I suppose but why is Wilders doing port scans?

    Gerard
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    o_O never recogniced that. How do you come to this conclusion?
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Because I saw this.
     

    Attached Files:

  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Actually it would be a MAJOR issue Gerard if indeed Wilders was doing a port scan on anyones PC.

    Other than the pic you are showing....what other info would you mind sharing that might help determine how you are coming to this conclusion :doubt:
     
  5. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi Bubba,

    I will PM you.

    Gerard
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Bubba will come back here after reading and answering my PM. Thanks Bubba!

    For todays log I found this one but it doesnt mean anything to me, but I suppose Dshield will filter this one out when converting my log to theirs:

    2006-08-25 09:11:33 DROP TCP 65.175.38.194 192.168.2.220 80 2367 40 FA 2014630893 533529849 8866 - - - RECEIVE

    Gerard
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Ah, that makes sense. When the source port is 80 (from the IP address of a webserver you've visited recently), and the destination port is in the ephemeral port range (on your computer), then the usual reason for a reported "port scan" is simply delayed packets returning from the webserver after your firewall or router has timed out the connection. This is one of the most common scenarios for "port scan" false positive alerts.

    There's more information about this at the following link:

    http://www.mynetwatchman.com/kb/res-falsepos.htm
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Thanks for answering and the link.
    I am happy I learned again something today :)

    Gerard
     
  9. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    And it show us you are always stand-by;)
     
    Last edited: Aug 26, 2006
Thread Status:
Not open for further replies.