Port scans

[markp]

I get many port scans on my Linux computer which serves as a gateway for my home network (I run Portsentry to drop connections of people scanning me): usually on port 135 (epmap) and port 445 (microsoft-ds). I don't suspect that these are malicious, so I am wondering whether to ignore them. Is this usual?

Thanks

Mark Painter

 

[HiHat]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by markp</i>
<br />I get many port scans on my Linux computer which serves as a gateway for my home network (I run Portsentry to drop connections of people scanning me): usually on port 135 (epmap) and port 445 (microsoft-ds). I don't suspect that these are malicious, so I am wondering whether to ignore them. Is this usual?
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

Yup, afraid so. The ADSL/DSL IP ranges are a favourite for scanning. If you were scanning for an unpatched machine to compromise, it would only be a matter of time before you found one. The dialup ranges are even more popular because you can scan at least 15 to 20 different machines per IP in one day.

Portsentry is just giving you a heads up about what traffic is coming to your machine. Just make sure you have a good firewall setup. Remember, don't worry about all the packets your firewall is dropping - worry about the ones it isn't!



Apple // Forever.