Port Scanning

[Robone]

For the last 2 days, my ports are being scanned, by different ip addresses. Sygate registering it as a minor severity.
Backtrace - not the same source. Wonder why. Thought I would disconnect and connect again with a different IP address. No luck. Looks like Mywireless is giving you the same IP address. Just when you need them to change the IP address, they decide to leave it the same. Can't win[]
I know I shouldn't get paranoid about this, but it p*ss*s me off.

 

[Comrade Borris]

Yeah i also observed that when i was watching my firewall yesterday. Very dodgy.

Sasser/Blaster anyone?

 

[gripen]

Could you post the IP ranges just to confirm that we are getting scanned by the same hosts.

Im getting scans from:
66.18.83.199 (obviously a rookie mywireless user)

and also a lot in the 200-220 range is in 217.x.x.x

BTW 66.18.83.199 is still online now so check if you are getting scanned.

 

[Robone]

66.18.85.249
66.18.83.26
66.131.181.132
66.130.152.99
66.130.171.90
66.131.82.112
66.81.248.114
66.72.239.41
and so on and so on

 

[dorris]

My apologies to anyone that found scans yesterday between 5 & 8pm.[:I]
I am a 3rd year Comp. Sci student @ Wits, one of our projects this semester was to write a port scanner, finished up the GUI yesterday morning, and hooked up mywireless yesterday afternoon, all appeared good on a little LAN, but wanted to test the multithreading on a large subnet, so used a net address of 23 (+/-508 IP's), starting at 66.18.x.200. I ran it 3 times for that purpose, and once more on a much smaller range (16 IP's)to test a mates firewall, to see that it was properly hiding his PC.
I can't remember my IP at the time, I think it was 66.18.x.220.

And no, I did not portScan any of the IP's for open ports, just made connection attempts at port 100 in order to locate the active IP's, I never went further on any PC's.
Reqd a physical connect attempt, as java does not support ICMP, so could not use ping requests.
So, if anyone saw connection attempts at port 100 , which could be seen by most firewalls as a port scan, this was me, I apologise, my bad won't happen again (not too soon anyway[}])

 

[dorris]

Once again, I apologise!
I'll see if my mate whose firewall I was testing kept the logs, if he did, I'll post the IP I was using yesterday, so all you paranoid people can know if there were some other malicious freaks out there!
GreedyflyZA, a rookie would be a user that couldn't find the right hole to get <i>into your box</i>, since that wasn't my aim, it just makes me a blatant *******[]

 

[mbs]

You naughty, naughty, naughty girl, you... *slap* your bottom /how nice - no funny bizniz intended... ag, nevermind - consider yourself suitably castigated...[][]

 

[Perdition]

Geez, a port scanner should be a first (or at most second) year project... though I guess in first year you learn more how to drink than anything else []

(java is the devil)

 

[Comrade Borris]

Dorris you twit...

Why don't you go to a real university like RAU? []

Can you test my firewall? I'll give you a six pack...

 

[Cloud]

geek wars!!!

 

[dorris]

Perdition, I am in agreeance,
Wits is strange like that, they focus more on theory and algorithm than practical coding, 1st year consists of no practical coding, 2nd year deals primarily with OS structure, DB's, and more theory, although we did code a funky RayTracer (in SmallTalk80), 3rd year, computer Architecture ( Instr sets/pipelining etc) and networks, and more theory, since I'm keen on bitching, they devote 3 stupid months to Finite Languages and automota
In regards to using java, I wanted something multiplatform with no serious porting (tWITS runs REDHAT, I run Mandrake and Windows)

 

[regardtv]

I wonder when the AUP issues will start comming to light []



************************************************************
The views expressed on this site are my own and NOT those of my employer.

 

[Comrade Borris]

Regard: Are you refering to DoS attacks/abuse?

Anyone keen to 'test' if their monitoring department is working?

 

[Echo]

Some food for thought +-80% of ADSL user in a certain range still have the default username and password set on their ADSL (Telkom supplied) routers Also found one completely open system on the same range!!! So people... change your "ROOT" password, write it on a piece of paper and stick it to the bottom of the unit!

 

[antowan]

I am surprised that none of you guys tried to find a vulnerable port on the source IP's host and left a funny message! Come on guys! []

Where are the days of flame wars and opening a CD ROM on another person's PC when they don't expect it to???? The last trick is much more fun when you can see their reaction but still effective on a remote computer... LOL! []

Cheers
Antowan

He who does not understand the value of war at the right time, cannot comprehend the value of life at any time - Anonymous

 

[Nickste]

Someone did that at our school. Made a little app that opens the CD-Rom drive at hourly intervils (all pc's did it at the same time). Funniest thing to see when you have a room full of people doing work, and suddenly the cd-rom pops out!

Chow, Nick

Nick Smit
broadband@nicksmit dot za dot net

 

[Tower110guy]

my firewall is blackice by iss

just got port scanned

Blocked State, Intruder
1, myw-stp-66-18-80-193.sentechsa.net
0, BLab17.orono.u87.k12.me.us
0, AMarseille-151-1-49-241.w82-122.abo.wanadoo.fr
1, 80.51.64.151

i also picked up sp.exe trojan this morning which i posted on another topic

 

[Scarface]

My Firewall logs are about 2MB every week...and that is just scanning filtered...

-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;-&lt;

...and Gandalf stared into the distance with a faraway look of gold...