Ports Scanned

Discussion in 'other anti-malware software' started by wpdmc, Mar 22, 2006.

Thread Status:
Not open for further replies.
  1. wpdmc

    wpdmc Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    45
    Location:
    North Central Penna.
    o_O Hi. Every so often my ports are scanned, usually by somewhere in China. Last night my AD-Aware scan listed a possible browser hijack attempt. Here's the information I got from a backtrace.
    IP: 225.230.230.234..
    Country: [Multicast]
    City: Unknown

    Private IP? Yes
    Known Proxy? No
    Does anyone know if there's a way to find out more about this? How I feel when things like this happen, I can't write down in the forum. Thanks, wpdmc. :mad: Here's some additional info I have, but don't know what it means.
    [OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 224.0.0.0 - 239.255.255.255
    CIDR: 224.0.0.0/4
    NetName: MCAST-NET
    NetHandle: NET-224-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: FLAG.EP.NET
    NameServer: STRUL.STUPI.SE
    NameServer: NS.ISI.EDU
    NameServer: NIC.NEAR.NET
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 3171 for additional information.
    Comment:
    RegDate: 1991-05-22
    Updated: 2002-09-16

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

    # ARIN WHOIS database, last updated 2006-03-21 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    This is what I did the backtrace with:
    225.230.230.234..
    Thanks __________________
    wpdmc
     
    Last edited: Mar 22, 2006
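
The backtrace and WHOIS output in the post above both place 225.230.230.234 in 224.0.0.0/4 (MCAST-NET, "IANA Special Use"), so a WHOIS or geolocation lookup can only return the IANA block registration, not a sender or a country. The following is an added example, not part of the original thread: it sorts firewall-log source addresses into special-use and public ones before any lookup is attempted. The log format and sample lines are constructed for illustration and are not real Sygate or Norton output.

```python
import ipaddress
import re

# Special-use IPv4 blocks; 224.0.0.0/4 is the MCAST-NET range from the WHOIS output.
SPECIAL_USE = [
    ("multicast", "224.0.0.0/4"),
    ("private", "10.0.0.0/8"),
    ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"),
    ("loopback", "127.0.0.0/8"),
    ("link-local", "169.254.0.0/16"),
]
NETWORKS = [(label, ipaddress.ip_network(cidr)) for label, cidr in SPECIAL_USE]

# Constructed sample lines in a hypothetical log format (assumption, not vendor output).
# 198.51.100.77 is a documentation address standing in for a routable one.
SAMPLE_LOG = """\
2006-03-21 23:14:02 BLOCKED port-scan src=225.230.230.234 dst=192.0.2.10
2006-03-21 23:15:40 BLOCKED port-scan src=198.51.100.77 dst=192.0.2.10
2006-03-21 23:17:05 BLOCKED inbound src=192.168.1.1 dst=192.0.2.10
2006-03-21 23:18:11 BLOCKED inbound src=999.1.1.1 dst=192.0.2.10
"""

SRC_RE = re.compile(r"src=(\S+)")


def classify(ip_text):
    """Return the special-use label for an address, 'public', or 'invalid'."""
    try:
        # Tools sometimes print trailing dots (as in "225.230.230.234.."); drop them.
        addr = ipaddress.ip_address(ip_text.strip().rstrip("."))
    except ValueError:
        return "invalid"
    for label, net in NETWORKS:
        if addr in net:
            return label
    return "public"


def triage(log_text):
    """Return (source, label, worth_looking_up) for each log line with a src= field."""
    rows = []
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if match:
            src = match.group(1).rstrip(".")
            label = classify(src)
            # Only a public address has a meaningful WHOIS or geolocation answer.
            rows.append((src, label, label == "public"))
    return rows
```
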
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    What makes you think it's China? That's not what the WhoIS states.

    Can you post your firewall log?

    What more info did Adware give to decide it was a possible browser hijack?
     
  3. wpdmc

    wpdmc Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    45
    Location:
    North Central Penna.
    Hi, I'm not sure this one is China. My firewall has shown numerous times in the past that my ports were being scanned; when I did a backtrace, it would show nothing. Then I would go here, http://www.dnsstuff.com/ and I could only find out that all the ones in the past have been from Beijing, China, or some other city. The reason I say it was a hijack attempt is because AD-AWARE stated "possible browser hijack attempt". With all the other port scans it never said that.
    wpdmc.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Port scans from China (or anywhere else) are a common occurrence. China shows up regularly, as seen here:

    http://isc.sans.org/top10.php


    Several from my logs:

    http://www.rsjones.net/imgs/portscan_cn.gif
    _____________________________________________________

    This seems to be normal traffic, which the firewall takes care of.

    If you still have concerns, post a recent log and the ad-aware alert, others can take a look.
     
  5. wpdmc

    wpdmc Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    45
    Location:
    North Central Penna.
    Thanks, I really appreciate your time. Should any problems arise I'll post those things as you said. I also recognized some of those addresses as some I've seen in my searches. Thanks again. wpdmc.
     
  6. ulla

    ulla Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    1
    Yesterday and today Norton Internet Security announced that my computer was port scan-hyökätty (= Finnish language, I don't know the word in English: make some attempt/attack my computer?) from a computer IP 225.230.230.234. I wrote this number in Google and found this Wilders Security Forums and registered here. I don't know what a port scan is and what this computer 225.230.230.234 is and why. I am a 55 years old woman and it is difficult to understand.
     
  7. ASpace

    ASpace Guest

    Hello! Norton's firewall has done its job and it protected you.
    All computers have both physical and virtual ports. There are many, many virtual ports the computer uses to communicate with the outside world. The bad guys (hackers) use special tools to search for computers with open ports and then to attack and gain remote access to your computer.
    Your ports have 3 states:
    • stealth
    • closed
    • opened
    The stealth mode makes all ports invisible and closed for hackers. When stealthed, hackers think your PC doesn't exist at all. The closed mode shows ports as visible but closed and protected. Open is bad.

    So when Norton showed this alert, a hacker had decided to scan a range of IPs, but when he/she scanned your IP, Norton blocked the attack and told (lied to) the hacker "Sorry, boy, this computer doesn't exist", so you are fine.

    Learn how to protect your computer :
    here and here
    Hope this helps! :thumb:
     
    Last edited by a moderator: Jul 28, 2006
  8. wpdmc

    wpdmc Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    45
    Location:
    North Central Penna.
    Hi,
    I get port scans every so often. Some of them are coming from the same number you posted. Almost all the time they're from somewhere in China. I use Sygate firewall and it blocks the port scan all the time. If you use something like a firewall, it will probably block the scan, meaning the scan didn't get through. I'm not really sure what a scan is, but I would guess it's someone trying to see what's in your computer. This is just a guess. Since my firewall blocks the scan, they do no harm. wpdmc. *puppy* :blink:
     
  9. ASpace

    ASpace Guest

    See my post above yours :D

    Since you have port scans so often, I suggest you buy a quality router with NAT and SPI protections to keep these off your computer.
     
  10. wpdmc

    wpdmc Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    45
    Location:
    North Central Penna.
    Hi, the Sygate firewall seems to handle the port scans I receive. I also have Ad-Aware SE, Spybot Search and Destroy, and SpywareBlaster; I also have the AVG Free anti-virus program. So far the firewall has listed them as minor. I also go to the Windows Update page to check for security updates. Would these things be enough to protect my PC? o_O
     
  11. ASpace

    ASpace Guest


    The router's NAT and SPI are your first layer of protection, a piece of hardware and software built into a device to kill the hack attacks before they reach your computer. The router is optional but a very good addition.

    Read here and protect your PC

    :D
     