Ports Scanned

Hi, Every so often my ports are scanned usually by somewhere in china. Last night my AD-Aware scan listed a possible browser hijack attempt. Here's the information i got from a backtrace.
IP: 225.230.230.234..
Country: [Multicast]
City: Unknown

Private IP? Yes
Known Proxy? No
Does anyone know if there's a way to find out more about this? How i feel when things like this happen, i can't write down in the forum. Thanks, wpdmc. Here's some additional info. i have, but don't know what it means.
[OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

# ARIN WHOIS database, last updated 2006-03-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
This is what i did the back trace with,
225.230.230.234..
Thanks __________________
wpdmc

 

What makes you think it's China? That's not what the WhoIS states.

Can you post your firewall log?

What more info did Adware give to decide it was a possible browser hijack?

 

Hi, I'm not sure this one is china. My firewall has shown numerous times in the past about my ports being scanned, when i did a backtrace, it would show nothing. Then i would go here, http://www.dnsstuff.com/and i could only find out all the ones in the past have been from bejing, china, or some other city. The reason i say it was a hijack attempt is because AD-AWARE stated, possible browser hijack attempt. With all the other port scans it never said that.
wpdmc.

 

Port scans from China (or anywhere else) are a common occurrence. China shows up regularly, as seen here:

http://isc.sans.org/top10.php


Several from my logs:

http://www.rsjones.net/imgs/portscan_cn.gif
_____________________________________________________

This seems to be normal traffic, which the firewall takes care of.

If you still have concerns, post a recent log and the ad-aware alert, others can take a look.

 

Thanks, i really appreciate your time. Should any problems arise i'll post those things as you said.I also recognized some of those addresses as some i've seen in my searches. Thanks Again. wpdmc.

 

Yesterday and today Norton Internet Securite announced that my computer was port scan-hyökätty (= finnish language, I don’t know the word in english: make some attempt/attack my computer?) from a computer IP 225.230.230.234. I write this number in google and find this wilders security forums and register here. I don’t know, what is port scan and what is this computer 225.230.230.234 and why. I am 55 years old woman and it is difficult to understand.

 

Hello ! Norton's firewall has done its job and it protected you .
All computers have both physical and virtual ports . There are many many virtual ports the computer uses to communicate with the outside world . The bad guys(hackers) uses special tools to search for computers with open ports and then to attack and gain remote access to your computer .
Your ports have 3 states :

• stealth
• closed
• opened

The stealth mode make all ports invisible and closed for hackers.When stealth hackers think your PC doesn't exist at all. The closed mode shows ports as visible but closed and protected . Open is bad .

So when Norton showed this allert , a hacker had decied to scan a range of IPs but when he/she has scanned your IP , Norton has blocked the attack and has told (lied) he hacker "Sorry , boy , this computer doesn't exist" so you are fine

Learn how to protect your computer :
here and here
Hope this helps!

 

Hi,
I get port scans every so often. Some of them are coming from the same number you posted. Almost all the time they're from somewhere in China. I use Sygate
firewall and it blocks the port scan all the time. If you use something like a firewall, it will probably block the scan, meaning the scan didn't get thru. I'm not really sure what a scan is, but i would guess it's someone trying to see what's in your computer. This is just a guess. Since my firewall blocks the scan, they do no harm. wpdmc.

 

See my post above the your

Since you have port scans so ofter , I suggest you buy a qualitive router with NAT and SPI protections to keep these off your computer

 

Hi, the sygate firewall seems to handle the port scans i receive. I also have ad-aware SE
spybot search and destroy, and spyware blaster, i also have AVG Free anti-virus program. So far the firewall has listed them as minor. I also go to the windows update page to check for security updates. Would these things be enough to protect my PC?

 

The router's NAT and SPI are your first layer of protection , peace of hardware and software built-in a device to kill the hack attacks before they reach your computer . The router is optional but very good addition .

Read here and protect your PC