This so-called "port scanning" business

[Kei]

Has anyone else noticed a marked increase in port scans this week.

I keep noticing the router logs full of attempts at port accesses coming all from 196.2.xxx.xxx IP ranges. It's defnitely increased in volume. I'm also seeing security alerts on the router, which appear to be DoS attacks. All my computers are currently off!

Anyone else seeing this ****?

 

[jmn]

Get my usual 1500 - 1800 firewall hits per day, so far 800 today, which is actually sub-normal. Snort IDS entries sit on 8 so far, normally 20 - 35 per day. The bulk of the hits are normally from WBS / iBurst IP's.

 

[stoke]

Na - and I don;t care either. LOL - really - there'z nothing I can do about them, so i've stopped worrying about them.

 

[slimothy]

theres a way to tell if its a ddos or a port scan aside from the face one will try knock you off the net. if the connections it attempts are half opened tcp ones, or if its alot of tcp ports its a portscan if its udp its a ddos.

alot of it is pretty automated just bots scanning for vulnerable hosts, you should be OK

 

[DFantom]

Has anyone else noticed a marked increase in port scans this week

been an average week on my end. Seems a slight increase at http://www.mynetwatchman.com/default.asp

 

[Kei]

Thank you

I don't normally worry about this but I've come home twice this week and found my router was frozen i.e. had to reset it and the bloody thing e-mails me with security alerts- never used to do that...

 

[JasonH]

yea dudes..ive started runnig a firewall..but my router stops most of it..like an attempt every 5 seconds.

 

[nocilah]

i've had 10598 blocked inbound events this month so far according to Mcafee Firewall... and 99% of them have a 196.2.x ip...

should we see what happens when we switch off our firewalls n stuff?

 

[Crash]

"Switch off our firewalls n Stuff"

iBurst becomes a really big bot net

 

[jmn]

"Switch off our firewalls n Stuff"

That's what I've been told by the helldesk guy 30 minutes ago when I got continuous auth failures from IPCop...

 

[ic]

LOL, now you know better than to call the WBS iBurst ksedpleh again?

 

[Kei]

I am not switching off any filtering on my router. Sorry I've been hacked in the past and I am not taking that chance again.

I would much rather live with having to reset the router once a day

 

[seburn]

auth attempts failed beens you have been "disconnected" and are not alowed back on do to some weird overcrowding rules by wbs. Its got nothing to do with ipcop try with out it it still won't work. The helpdesk will blame anything they can, give em a linux firewall box and they will say "iburst doesn't like linux". What a joke.

You probably on the edge of the coverage and they take preference on users "closer to tower" the only ways to get around this is a stronger / better positioned arial or new tower or WBS changing the logic (not ganna happen).

I still have issues

 

[seburn]

i hope that helps coz you helped me alot

 

[jmn]

Tx, got terribly upset because I was moving data between outside servers and this really got me. This weekend was a total disaster for me with continuous disconnections...

The weird thing is that it fixed itself after about 45 minutes, I'm less than 1 km from the tower (see it clearly on the hill above my house), the worst signal that I've seen is -74 dBm and, according to Sasan himself, this is one of the towers with the lowest load, so it was obviously something with their system.
BTW, restarted IPCop, tried FC3 too and WinXP with ethernet & USB and did rfScan before calling helldesk

 

[Kei]

This weekend iBurst sucked ass royally.

Constant disconnections, p2p doesn't work at all now... overall **** experience

 

[Bjorn]

P2p worked for you before? hasnt worked for me for a long time...

 

[native]

Now I'm gatvol with 196.2.x.x and many others port scanning my PC
These looks like WBS IP's

Any advice or just leave the clown to keep on trying?

 

[Jongi]

I once started a thread about this. There was a mother load of attempts from that IP range.

 

[DFantom]

I once started a thread about this

Blame the thread now...jeez what did it do to you