Port scan attack

**Jdawg50** · 12-30-2003, 06:54 PM

My McAfee firewall keeps showing this thing called a "port scan attack", What the hell is it?
I can trace it, but I have know idea what it means. I do a ping or something?
Help

**arthurb999** · 12-31-2003, 09:16 AM

It is people trying to scan your ports looking for vounerabilities or open ports. That is how you get hacked. It happens all the time though so as long as you have a tight ship you should be alright.

**Jdawg50** · 12-31-2003, 09:40 AM

What does the trace do? the ping?

**CarbonCopy** · 01-03-2004, 03:50 AM

Originally Posted by Jdawg50

What does the trace do? the ping?

Traceroute traces the route of UDP packets for the local host (your computer)to a remote host (the person port scanning you). If you run a traceroute it will display the time and location of the route taken to reach its destination computer. Think of a road map showing you what roads you took to reach a certian location. That is basicly what traceroute does, shows you the location the data came from and the path it took to reach you.

A ping is used to test routed ip connections. It works at layer 3, the network layer of the OSI network model. It will send a packet of data to a specified host and wait for a reply. Some people might use this to see if a computer is online so they can start port scanning or check for connectivity.

If you are truly worried about the port scan/scans save the port scan logs and send them to your ISP. I wouldn't be real worried about it so long as your anti-virus is up to date and your firewall is running. Unless the same ip is scanning all the time or you see a pattern with the scans I wouldn't worry. Port scanning is very common and in fact legal. If the attacker tries to connect to the open port, and gain access then he is breaking the law.

***Sicilian30*** · 01-04-2004, 07:04 PM

Originally Posted by CarbonCopy

Traceroute traces the route of UDP packets for the local host (your computer)to a remote host (the person port scanning you). If you run a traceroute it will display the time and location of the route taken to reach its destination computer. Think of a road map showing you what roads you took to reach a certian location. That is basicly what traceroute does, shows you the location the data came from and the path it took to reach you.

A ping is used to test routed ip connections. It works at layer 3, the network layer of the OSI network model. It will send a packet of data to a specified host and wait for a reply. Some people might use this to see if a computer is online so they can start port scanning or check for connectivity.

If you are truly worried about the port scan/scans save the port scan logs and send them to your ISP. I wouldn't be real worried about it so long as your anti-virus is up to date and your firewall is running. Unless the same ip is scanning all the time or you see a pattern with the scans I wouldn't worry. Port scanning is very common and in fact legal. If the attacker tries to connect to the open port, and gain access then he is breaking the law.

A very good technical explanation, couldn't have said it better myself. I would do as Carbon says here, but I would not only report it to my own ISP but find out who the person who is hacking you's ISP and send the reports to them. Usually every ISP has an [email protected]
If you need help tracking down the ISP just find the IP number that the guy is using, go to www.samspade.org and plug that number into IP Address and it will do a reverse DNS for you.