Random ports being scanned

Discussion in 'other firewalls' started by chrisdab, Jan 6, 2007.

Thread Status:
Not open for further replies.
  1. chrisdab

    chrisdab Registered Member

    Joined:
    Dec 26, 2006
    Posts:
    12
    Since using PeerGuardian for a while, I have noticed lately that my IP block list shows blocked connections to different ports on my router, seemingly at random but ranging from ports 1000-5000. These port scans seem to come from different IP ranges but tend to be organized, moving up in succession even though the source IP is from a different range.

    Companies assigned to the IP ranges:

    Time Warner Telecom
    Time Warner Telecom, Inc
    Emirates Telecommunications Corporation
    Private Customer - SBC Internet Services
    MERCURY-INTERACTIVE
    Epoch Internet
    NETSENTRY -Net Sentry Corp
    IBM Global Services India
    Technical Chamber of Greece
    OC3 Networks & Web Solutions, LLC

    There are more, but these are only the ones I sampled in the last 20 minutes. So what happens if they find an open port?
     
  2. chrisdab

    chrisdab Registered Member

    Joined:
    Dec 26, 2006
    Posts:
    12
    Anyone?
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi chrisdab,

    Are you using a P2P or torrent client?
    Please confirm the direction of the blocked connections. Also, are these showing in the PeerGuardian log or the router log?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,703
    Hello,
    If you're using P2P, you'll get millions of these daily... that's exactly what PG is supposed to do. BTW, don't confuse remote port and local port.
    Mrk
     
  5. chrisdab

    chrisdab Registered Member

    Joined:
    Dec 26, 2006
    Posts:
    12
    These are logs off of PG and I do check to make sure it is to my IP address. I use uTorrent as my BitTorrent. It's funny that no one else gets these except me.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi chrisdab,
    The companies you mention (Time Warner, NETSENTRY, etc.) do attempt to intercept P2P/torrent client traffic; they even become part of that network to see if users will upload to them. This is to see if users are downloading/uploading copyright material.
     
  7. beads

    beads Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    49
    It's normal enough. Sometimes these are botted machines as well. I'd say that 90% of my daily log here at work are random source ports with a destination of either 5700, 5800, 5900 (Virtual Network Computer) or 2967 (Symantec Corporate A/V) vulnerabilities.

    Last time I checked the survival time on the Internet with no firewall or A/V software was around 6 minutes. That's just harsh.

    On the good side it makes for short analysis and few people to actually block by the end of the day.

    As for the companies you mentioned, a great number of them allow open sockets and/or mail relays and will be "listed" by SORBS, et al. as having problems. Much of this could be cleaned up if ISPs were a bit more proactive in their procurement and monitoring of what goes through their own pipes. Which in the long run is actually costing them more money than by managing things properly.

    - beads
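
An added example, not written by any poster in this thread and not PeerGuardian's own log format: a Python triage of block-log entries that applies the distinctions raised above (connection direction, remote versus local port, hits on the torrent listen port, and local ports rising in succession across different source ranges). The record layout, the listen port 51413 and the documentation-range IP addresses are constructed assumptions.

```python
from collections import Counter

# Constructed records, NOT real PeerGuardian output:
# (seconds, direction, remote_ip, remote_port, local_port)
LISTEN_PORT = 51413                      # assumed torrent listen port
PROBED_PORTS = {5700, 5800, 5900, 2967}  # destination ports named in the thread
SAMPLE = [
    (0,  "in",  "192.0.2.10",    40211, 1025),
    (5,  "in",  "198.51.100.7",  51022, 1026),
    (9,  "out", "203.0.113.5",   1027,  49822),  # 1027 is the REMOTE port here
    (12, "in",  "203.0.113.40",  33100, 1027),
    (20, "in",  "192.0.2.99",    60001, 51413),
    (31, "in",  "198.51.100.23", 44810, 1030),
    (40, "in",  "192.0.2.200",   39000, 5900),
    (55, "in",  "203.0.113.77",  47000, 2967),
]

def classify(rec, listen_port=LISTEN_PORT):
    """Label one blocked connection by direction and local port."""
    _, direction, _, _, local_port = rec
    if direction == "out":
        return "outbound"        # its port number belongs to the other host
    if local_port == listen_port:
        return "p2p-peer"        # expected when a torrent client is running
    if local_port in PROBED_PORTS:
        return "service-probe"   # aimed at a specific service port
    return "other-inbound"

def summarize(records, listen_port=LISTEN_PORT):
    return Counter(classify(r, listen_port) for r in records)

def longest_ascending_run(records, listen_port=LISTEN_PORT):
    """Longest time-ordered run of inbound hits whose local port keeps rising.
    Returns (run_length, distinct remote /16 prefixes inside that run)."""
    inbound = sorted(r for r in records if r[1] == "in" and r[4] != listen_port)
    best, cur = [], []
    for rec in inbound:
        if cur and rec[4] <= cur[-1][4]:
            cur = []             # port went down or repeated: start a new run
        cur.append(rec)
        if len(cur) > len(best):
            best = list(cur)
    prefixes = {".".join(r[2].split(".")[:2]) for r in best}
    return len(best), len(prefixes)

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    print(longest_ascending_run(SAMPLE))
```

A long rising run spread over several source prefixes matches the "moving up in succession" pattern from the first post, while entries labelled `p2p-peer` or `outbound` are the torrent-related noise the replies describe.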
     