Received A Port Scan. What Exactly is this?

Discussion in 'other firewalls' started by AnthonyG, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    I am wondering what exactly is a port scan, what does it do, and why would a web site do one. Also, is it something done intentionally?

    As today I made a post in a DVD discussion forum. Nothing innocuous just a general discussion post. Then 20 minutes later, after leaving that forum and generally browsing the net (that forum was not even open in the background), I got a pop-up and warning sound (usually means something not good) from Outpost saying a port scan had been made and it originated from that discussion forum.

    I immediately went to that forum to see nobody on that site except the site's administrator.

    What is wrong? And what was this web site trying to accomplish by doing a port scan on me? Is it just an identity check or was it an attempt at a malicious attack?

    The other surprising thing is I am behind a router, and unless I have misunderstood, I have been told in the past by people here at Wilders that I should be safe from things like this, so this concerns me even more.

    So what exactly are port scans, and what are they used for?

    Thanks
    Anthony
     
  2. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    You mean you actually don't even know what a portscan is? :rolleyes: And sorry if I sound rude, but it's something so common and it's so easy to find information on portscans, that I have no idea why you are asking here instead of just going on Google and finding some links.
     
  3. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    The question was a two-tier one. I was asking what a port scan was in relation to why I received one from a seemingly reputable DVD discussion forum, but as you are right, I did not know what it was exactly. So from a Google search.
    But this has only confused me more, as can someone please explain the use a reputable web site would have to do this. As this description puts it into a very malicious practice. So why would one emanate from a reputable discussion forum. (And like you say it may be obvious to those in the know, but if I get security warnings I do not know about I obviously enquire about them on a security forum to relieve any possible concerns about it I may have. I did not think there was anything wrong with this).

    Thanks
    Anthony
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    How do you know it was the website that did the portscan? Did the IP of the machine that port-scanned you match the IP of the web site? Are you sure it was a portscan, anyway, and what range of ports did it scan?

    And yes, portscanning is usually a malicious practice, unless it's done on purpose by you on your own machine or in a similar way (i.e. there are web sites that offer a free remote portscan on your machine -- though most of the time, not complete -- so that you can see what ports are open on the Internet); mind you, portscanning is malicious only in the fact that it LOOKS for vulnerabilities or trojan ports. There is no danger whatsoever in being ONLY portscanned; the danger is when a vulnerability is found and exploited.
     
  5. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    I just got a pop-up and warning noise from Outpost firewall warning me of a portscan, and in this pop-up it says where it came from and that was not an IP. But the actual name of the website. Such as for example if it said it emanated from this forum it would have said Wilderssecurity.

    But the worrying thing that concerned me was that I was not even looking at the web site when it popped up. I had posted there about 20 minutes earlier. So I don't know what is going on. But why would the web site want to do a port scan on me?
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    It could well be not a port scan, but something like webalizer collecting stats on visitors.

    Mike
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Depending on the nature of the connection you had with the site/forum, it could just be late packets arriving at your system which the firewall is dropping and misinterpreting as a port scan.

    Being behind the router also suggests that these are late packets and not a port scan or unsolicited inbound packets.

    It always helps to post log samples when trying to determine what you are seeing. (protocol, source IP/port, destination IP/port - just xxx out the last portion of your public IP)

    Regards,

    CrazyM
     
    Last edited: Nov 20, 2005
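
    Added example (not part of any post in this thread): given log fields like the ones CrazyM asks for, this separates dropped inbound packets that mirror a connection the host opened earlier (late replies) from a source probing many different ports. The log layout, addresses and threshold are assumptions constructed for illustration; Outpost's actual log format is not shown in the thread.

```python
from collections import defaultdict

# Constructed sample log (not from the thread): time, direction, action,
# protocol, source IP, source port, destination IP, destination port.
SAMPLE_LOG = """\
10:00:01 OUT ALLOW TCP 192.168.1.10 3312 198.51.100.7 80
10:00:02 OUT ALLOW TCP 192.168.1.10 3313 198.51.100.7 80
10:20:15 IN DROP TCP 198.51.100.7 80 192.168.1.10 3312
10:20:15 IN DROP TCP 198.51.100.7 80 192.168.1.10 3313
10:25:40 IN DROP TCP 203.0.113.9 41000 192.168.1.10 21
10:25:40 IN DROP TCP 203.0.113.9 41000 192.168.1.10 23
10:25:41 IN DROP TCP 203.0.113.9 41000 192.168.1.10 135
10:25:41 IN DROP TCP 203.0.113.9 41000 192.168.1.10 445
10:25:42 IN DROP TCP 203.0.113.9 41000 192.168.1.10 3389
10:30:00 IN DROP UDP 192.0.2.44 5000 192.168.1.10 1026
"""

SCAN_PORT_THRESHOLD = 5  # assumed cut-off; real firewalls use their own

def parse(log_text):
    """Yield one dict per non-empty log line."""
    fields = ("time", "direction", "action", "proto",
              "src_ip", "src_port", "dst_ip", "dst_port")
    for line in log_text.splitlines():
        if line.strip():
            yield dict(zip(fields, line.split()))

def classify_sources(log_text):
    """Label each remote IP whose inbound packets were dropped."""
    seen_outbound = set()        # (proto, remote ip, remote port, local port)
    dropped = defaultdict(list)  # remote ip -> [(dst port, is_late_reply)]
    for e in parse(log_text):
        if e["direction"] == "OUT":
            seen_outbound.add((e["proto"], e["dst_ip"], e["dst_port"], e["src_port"]))
        elif e["action"] == "DROP":
            key = (e["proto"], e["src_ip"], e["src_port"], e["dst_port"])
            # A late reply mirrors a connection this host opened earlier.
            dropped[e["src_ip"]].append((e["dst_port"], key in seen_outbound))
    verdicts = {}
    for ip, hits in dropped.items():
        ports = {port for port, _ in hits}
        if all(late for _, late in hits):
            verdicts[ip] = "late replies"
        elif len(ports) >= SCAN_PORT_THRESHOLD:
            verdicts[ip] = "possible port scan"
        else:
            verdicts[ip] = "unsolicited, too few ports to call a scan"
    return verdicts
```
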
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California