Who scanned me


peter e
Hi all

I am warned sometimes by Sygate that I'm being scanned. I usually shut down then start up again so the IP address changes. Sometimes I try to back trace the offender and do a whois in Sygate but I don't really know what I'm doing.

How can I learn more about security? What's TDS3? I have no ulterior motive for wanting to know - it just annoys me that I get scanned and I'd like to learn more about these things. I especially dislike the spam I get - and sometimes I'd just like to fight back a little.

I don't think I'm really worried by it all - just interested (I hope it's not a paranoia developing). :o

Link to comment
Share on other sites

peter e:

A little tip for you, if you want to change your IP address try the following:

Start

Run

Cmd or command (first for XP/Win2k/NT second for Win98/95/ME)

ipconfig /release

ipconfig /renew

That will renew the IP address (have presumed you have a broadband connection). Theory is you would get a new one, however often you will end up with the same one.

If you are worried about being scanned then make sure you have a firewall in place and know how to use it (ZoneAlarm/Outpost are two examples). ISPs often scan customers for no reason to worry about. There are also people who scan just to see what's available. I doubt you have anything to hide, and so don't get too worried about it.

Link to comment
Share on other sites

You have no need to worry about being attacked unless you have no firewall; a hacker will always go for the easy option.

As I'm a nosey beggar I have TDS but the back trace function doesn't tell you a lot more than Sygate does. :ph34r:

I'm still trying to learn about TDS and its full capabilities myself, not an easy interface apart from the very basics.

I have however never been scanned from that address since using one of TDS's functions, the backdoor knock, :o .

TDS is helping me to learn more about security and hackers in general. :angry:

Link to comment
Share on other sites

Hi Sir Radfordin !

Good to see you again !

Aren't ADSL and Broadband Internet simply a "fixed" or "Static" IP ? Controlled by your ISP ? Your "static" IP addy is assigned to you by your ISP.

You can "renew" your IP addy whilst using Dial-Up and "release" your IP addy if using "highspeed".

I didn't think you could change (internally) your IP addy using renew if using a highspeed internet connection !

regards,

bill :)

Link to comment
Share on other sites

Hi Bill

Is this what you mean? Still in the dark about how to control things in the forum - still learning. I've copied and pasted my security log for this month. The port scans were all logged as minor (It looks a mess now it's pasted in). Doing Alt+Print Screen didn't work.

01/17/2003 21:23:42 Port Scan Minor Incoming TCP 217.*.137.198 63.*.208.222 1 01/17/2003 21:23:32 01/17/2003 21:23:32

01/15/2003 19:13:11 Executable File Change Accepted Information Outgoing TCP 207.46.106.175 0.0.0.0 C:\Program Files\MSN Messenger\msnmsgr.exe 1 01/15/2003 19:12:58 01/15/2003 19:12:58

01/10/2003 19:54:14 Port Scan Minor Incoming TCP 217.*.196.13 64.70.0.28 1 01/10/2003 19:54:06 01/10/2003 19:54:06

01/04/2003 00:01:58 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 30 01/04/2003 00:01:44 01/04/2003 00:01:51

01/04/2003 00:01:43 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 39 01/04/2003 00:01:28 01/04/2003 00:01:38

01/04/2003 00:01:28 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 65 01/04/2003 00:01:13 01/04/2003 00:01:28

01/04/2003 00:01:13 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 40 01/04/2003 00:00:58 01/04/2003 00:01:13

01/04/2003 00:00:58 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 28 01/04/2003 00:00:49 01/04/2003 00:00:58

01/04/2003 00:00:28 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 4 01/04/2003 00:00:16 01/04/2003 00:00:16

01/04/2003 00:00:13 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 4 01/04/2003 00:00:03 01/04/2003 00:00:03

Oh, it looks better in preview. :)

Hi Sir Radfordin

Thanks for the tip. I'm not on broadband - does it work on dial-up?

Regards to all

Peter

(removed part of IP for security - Craig)

Link to comment
Share on other sites
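
As an added example (not part of any post in this thread, and not Sygate's own tooling), the log pasted above can be summarised per scanning address. The column order (destination before source, with an optional application path before the count) is an assumption inferred from the pasted lines; the sample is copied from that post with its masked octets.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log pasted in the post above (octets masked there).
SAMPLE_LOG = r"""01/17/2003 21:23:42 Port Scan Minor Incoming TCP 217.*.137.198 63.*.208.222 1 01/17/2003 21:23:32 01/17/2003 21:23:32
01/15/2003 19:13:11 Executable File Change Accepted Information Outgoing TCP 207.46.106.175 0.0.0.0 C:\Program Files\MSN Messenger\msnmsgr.exe 1 01/15/2003 19:12:58 01/15/2003 19:12:58
01/10/2003 19:54:14 Port Scan Minor Incoming TCP 217.*.196.13 64.70.0.28 1 01/10/2003 19:54:06 01/10/2003 19:54:06
01/04/2003 00:01:58 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 30 01/04/2003 00:01:44 01/04/2003 00:01:51
01/04/2003 00:01:43 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 39 01/04/2003 00:01:28 01/04/2003 00:01:38
01/04/2003 00:01:28 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 65 01/04/2003 00:01:13 01/04/2003 00:01:28
01/04/2003 00:01:13 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 40 01/04/2003 00:00:58 01/04/2003 00:01:13
01/04/2003 00:00:58 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 28 01/04/2003 00:00:49 01/04/2003 00:00:58
01/04/2003 00:00:28 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 4 01/04/2003 00:00:16 01/04/2003 00:00:16
01/04/2003 00:00:13 Port Scan Minor Incoming TCP 217.*.183.175 206.*.10.200 4 01/04/2003 00:00:03 01/04/2003 00:00:03"""

TS = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}"
FMT = "%m/%d/%Y %H:%M:%S"
# Assumed column order, inferred from the pasted lines: logged time, event, severity,
# direction, protocol, destination, source, [application], count, begin, end.
LINE = re.compile(
    rf"^(?P<logged>{TS}) (?P<event>.+?) (?P<severity>\S+) "
    rf"(?P<direction>Incoming|Outgoing) (?P<proto>\S+) (?P<dest>\S+) "
    rf"(?P<source>\S+) (?:(?P<app>.+?) )?(?P<count>\d+) "
    rf"(?P<begin>{TS}) (?P<end>{TS})$"
)

def parse(text):
    """Return one dict per log line that matches the assumed layout."""
    matches = (LINE.match(raw.strip()) for raw in text.splitlines())
    return [m.groupdict() for m in matches if m]

def scans_by_source(text):
    """Total incoming port-scan entries and probe counts per source address."""
    out = defaultdict(lambda: {"entries": 0, "probes": 0, "first": datetime.max, "last": datetime.min})
    for rec in parse(text):
        if rec["event"] != "Port Scan" or rec["direction"] != "Incoming":
            continue
        s = out[rec["source"]]
        s["entries"] += 1
        s["probes"] += int(rec["count"])
        s["first"] = min(s["first"], datetime.strptime(rec["begin"], FMT))
        s["last"] = max(s["last"], datetime.strptime(rec["end"], FMT))
    return dict(out)

if __name__ == "__main__":
    for src, s in sorted(scans_by_source(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["probes"]):
        print(f"{src:15} entries={s['entries']} probes={s['probes']} {s['first']} -> {s['last']}")
```

On this sample the seven 206.*.10.200 entries collapse into a single burst of 210 probes within 108 seconds, while the other two sources account for one probe each.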

Hi Mark

I know that if you have dial-up, you get a new IP each time you connect, but what I meant was would that little tip of Sir Radfordin work on dial-up or would it just disconnect you anyway if you tried it? I usually disconnect if I'm scanned (although everyone says don't bother about it) and then reconnect in order to change the IP.

Peter

Link to comment
Share on other sites

Yes, Mark, I do have Norton AV. I think it was a few days ago that I visited the Symantec site to do a firewall test. It said everything was OK except for one thing (can't remember what) which was just 50% efficient (or something like that). It told me to ensure my firewall was set up correctly.

Link to comment
Share on other sites

Yep that's it my comp generates the sort of signal that the other comp picks as trying to connect to common trojan ports so will give his firewall kittens, hopefully, leaves them aware that I know I have been scanned and can check and respond :ph34r: a handy tool to have at my disposal, just had a look at my sygate log and haven't had a scan in the last 3 days

Link to comment
Share on other sites

Me again - just got disconnected as I was posting. I also meant to ask if you could recommend a book about Internet security. Recently I've found myself interested in that sort of thing: who the hackers are and what do they get up to etc? Nothing too technical, just an overview of the subject. Any recommendations would be appreciated.

Link to comment
Share on other sites

The sticky post at the top of this forum has some links to various security related sites like wilders and spyware info where I have learnt a lot, also the GAV forum has various sections of interest various firewalls, information about trojans etc. I've not seen a book dedicated to internet security and with the amount of info online never felt the need to look for one.

Link to comment
Share on other sites

Peter,

I traced back 206.204.10.200 to Symantec. It was probably scanning your FireWall as you previously posted.

I traced back 64.70.0.28 to ATT Canada. Could be related to what you were doing at the time of the scan.

Do you use anti trojan software?

If not, download a copy of TDS or Trojan Hunter and run a scan of your system just to be sure !!

regards,

bill :)

Link to comment
Share on other sites

Mark

Thanks very much for the link. The stuff on that site should keep me busy for a while. :o

Hi, Bill

I wasn't aware that I was visiting a Canadian site at the time - but then again I could have been. Next time I get a scan I will note what site I'm visiting at the time in case it's relevant. I run the Sygate firewall and Norton AV only (do they contain anti-trojan software?). I also run AdAware about once a week. I think a Trojan is some sort of dormant file, isn't it? Not a virus exactly. Would AdAware or similar spyware software pick one up? As you can tell, I'm a complete novice at this "techie" stuff. :(

Regards

Peter

Link to comment
Share on other sites

Hi Peter e,

Norton AV will detect some trojans, but it's not its specialty.

If Sygate is configured properly, it will alert you to a trojan (if you had one) trying to connect from your PC to the internet. If Sygate detects a program trying to connect through the internet it will alert you and you have to decide whether to let that program connect or not. Rule of thumb...if you're not sure, block the attempted connection. If something doesn't work properly after that then allow that program to run. These rules apply to inbound connection attempts as well. If you're unsure, block it !!

BTW,

A Trojan is a program (malware) that can be disguised as another legitimate program in your PC. Sometimes it is, other times it isn't.

This trojan program can control your PC via remote connection to another PC run by a hacker. It can also steal passwords and log key entries and really cause havoc to your box. It won't ruin your PC files like a virus can...it just hides in your PC...spying and receiving and broadcasting info about your system.

Ad Aware and spyware software aren't designed to detect trojans....you need a stand alone trojan detector. I recommend TDS or Trojan Hunter. Download a free trial copy here

http://www.wilders.org/anti_trojans.htm

Run the program and give yourself peace of mind !!

Good luck and if you have any other questions we would be glad to help !!

regards,

bill :)

Link to comment
Share on other sites

Bill

Thank you for the information and the link.

I don't think my firewall has ever alerted me to something inbound trying to connect to my computer - just warns that someone is trying to scan me. It does warn for outbound stuff. Sometimes it's trying to connect to Symantec or Windows update etc, in which case I OK it. But sometimes it just warns me that Windows Explorer is trying to broadcast but it doesn't say where it wants to connect to.

I shall download anti-trojan software and read up on all this stuff. The Wilders.org site looks very interesting. Thanks again for your help and information.

Regards

Peter

Link to comment
Share on other sites

This topic is now closed to further replies.