port scans

Discussion in 'Forum Related Discussions' started by gerardwil, Aug 25, 2006.

Thread Status:
Not open for further replies.
  1. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Minor issue I suppose but why is Wilders doing port scans?

    Gerard
     
    gerardwil, Aug 25, 2006
    #1
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    o_O never recogniced that. How do you come to this conclusion?
     
    Tommy, Aug 25, 2006
    #2
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Because I saw this.
     

    Attached Files:

    gerardwil, Aug 25, 2006
    #3
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Actually it would be a MAJOR issue Gerard if indeed Wilders was doing a port scan on anyones PC.

    Other than the pic you are showing....what other info would you mind sharing that might help determine how you are coming to this conclusion :doubt:
     
    Bubba, Aug 25, 2006
    #4
  5. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Hi Bubba,

    I will PM you.

    Gerard
     
    gerardwil, Aug 25, 2006
    #5
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Bubba will come back here after reading and answering my PM. Thanks Bubba!

    For todays log I found this one but it doesnt mean anything to me, but I suppose Dshield will filter this one out when converting my log to theirs:

    2006-08-25 09:11:33 DROP TCP 65.175.38.194 192.168.2.220 80 2367 40 FA 2014630893 533529849 8866 - - - RECEIVE

    Gerard
     
    gerardwil, Aug 25, 2006
    #6
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Ah, that makes sense. When the source port is 80 (from the IP address of a webserver you've visited recently), and the destination port is in the ephemeral port range (on your computer), then the usual reason for a reported "port scan" is simply delayed packets returning from the webserver after your firewall or router has timed out the connection. This is one of the most common scenarios for "port scan" false positive alerts.

    There's more information about this at the following link:

    http://www.mynetwatchman.com/kb/res-falsepos.htm
     
    LowWaterMark, Aug 25, 2006
    #7
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Thanks for answering and the link.
    I am happy I learned again something today :)

    Gerard
     
    gerardwil, Aug 25, 2006
    #8
  9. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    And it show us you are always stand-by;)
     
    Last edited: Aug 26, 2006
    Smokey, Aug 25, 2006
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...