# New Guy, Port scanning, general security questions.



## Sellingen (Jun 11, 2007)

Hi all, 

Please excuse me if any of this stuff is "obvious", I'm kind of a newbie when it comes to this technical stuff.

I am using Norton Internet Security 2004 (yes, outdated, I know) and I got port scanned today. The IP was 218.102.140.186. It's from Hong Kong. The first time it was blocked, the second time it wasn't and it said "At least 11 ports were probed." Now, I barely have a comprehension of what port scanning is; from what I have read it is basically a way of checking to see what "ports" are open for attack. Everything that I have read says to close such and such port and do this and do that. I find all of this very confusing. How do you close these ports? Is it done through your firewall software? How at risk am I for an attack?

I am running a virus scan right now with Norton, and another with AntiVir Personal Edition. I know people say not to use Norton but it seems to be the most efficient in blocking attacks; every time I have uninstalled it I have gotten viruses like crazy. What out there is free, and offers the same (or better) monitoring/blocking than Norton?

Also, I have recently been working on creating my own website. I have used my website-creating software's built-in FTP software, and last night I installed FileZilla to upload phpBB to my site. Did using these FTP programs put me at risk with the port scanning thing?

Any help would be great, you all seem like a smart bunch here.

Thanks in advance


----------



## Sellingen (Jun 11, 2007)

I just got the same situation again this morning, from a new IP, 172.143.29.57. So the guy must be using a proxy. Anyone know what to do?


----------



## johnwill (Sep 26, 2002)

Make sure your firewall is current. FWIW, I long ago turned off any recording of port scans, because you could spend your life chasing each one down. :smile: I used to have the router logging the scans, but the logs were burying me!


----------



## Sellingen (Jun 11, 2007)

So these port scans really aren't anything to worry about? How does one go about closing those "open ports"? I'd never had a problem with port scanning before so I didn't really know how to react.

I just downloaded COMODO Firewall Pro this morning, and from what I have heard it is pretty good, so hopefully that will do some reinforcing. :grin:


----------



## Sellingen (Jun 11, 2007)

Well, I just got scanned again from my DSL router's IP. Any clue what this is?


----------



## kinbard (Jul 1, 2006)

Port scanning is always going to happen. If you are on the internet someone is scanning, looking for a system they can get into. Just keep yourself protected and you will be fine. You are using Comodo, which is a good firewall, so don't worry about going in and closing ports. If you don't know much about them you can cause yourself some headaches.


----------



## Sellingen (Jun 11, 2007)

So just a firewall is all I need to stay protected from this stuff? I just find it weird that this has never happened in the past and only just recently started. And the last one from my DSL modem IP was kind of weird. Why would the modem scan me?


----------



## kinbard (Jul 1, 2006)

A firewall, anti-virus, and anti-spyware program will keep you protected, as well as staying current with updates. Your modem isn't scanning you, someone else is. Believe me, you have been scanned before, it's a fact of being on the internet. Your security suite might not have made you aware of the fact, but it happened. If you run anti-baddies scans on your system and everything comes back fine, just deny these scans and tell your firewall to remember that setting. It will then always block it without notifying you.


----------



## Sellingen (Jun 11, 2007)

So this last one that had the IP of my modem, I had to turn off the "block this address" thing on that one so that I could get back online. Was that OK?


----------



## kinbard (Jul 1, 2006)

Yes. I don't know why it is coming across like your modem is scanning you, but the modem will communicate with your computer. I don't know of any way to hijack a modem and do scans from it. What I think you were seeing was the modem basically asking "hey, are you wanting out on the internet?" If your anti-virus and anti-spyware scans come back that you don't have malware installed, you shouldn't have anything malicious going on on your system. As Johnwill mentioned, you might want to consider turning off the scanning logs. It is nice to watch for a while, but then it gets aggravating.


----------



## Sellingen (Jun 11, 2007)

So by putting my IP on the allow list, and not being notified of scans, I'm not opening the door for an attack, right? Thanks for all the advice guys, it put my mind at ease a bit.


----------



## kinbard (Jul 1, 2006)

Yes. You want to allow yourself out, but deny others from coming in. You can allow yourself to be notified of scans, but it gets tiresome after a while. And it will make you paranoid! And cross-eyed! And probably kick the cat...


----------



## Sellingen (Jun 11, 2007)

I have Norton Internet Security 2004. And when I go to configure the firewall and add my IP, the text above the box says "trusted zones have full access to your computer". How would I set it up so that, as you said, I can get out, but others can't come in? (Both in Norton and Comodo.)

Sorry if I'm becoming a pain in the rear. It HAS gotten me kinda paranoid, and I'm pretty paranoid to begin with... and I'm sure my cat doesn't want to be kicked either :tongue:


----------



## kinbard (Jul 1, 2006)

You're not a pain. First off, you are only running one firewall, right? You need to be. As far as Comodo is concerned, when you open up the manager there is a place to click that says something about Comodo learning about your system. I can't remember what it is called, and I don't have my laptop with me, but you should be able to find it easily. Just click on that, and it will take care of it. You will be getting popups with it asking questions for a while, but then they will go away as it learns your PC. I don't know anything about Norton, so I can't help you there. Maybe someone else can answer that one. It is really the firewall that will block the port scanning, though.


----------



## Sellingen (Jun 11, 2007)

As of now I have both Norton's firewall running and Comodo. I know that you are usually supposed to run just one, but whenever I have turned off Norton's firewall for any length of time I am inundated with junk, and everything else in terms of virus scanners that I have tried just doesn't find everything that Norton does (for example, nothing I used picked up infostealer.bzup, but Norton did). Right now Comodo's component monitoring thing is set to "learning" so I'm good there.


----------



## kinbard (Jul 1, 2006)

You are going to run into nothing but problems running two software firewalls. Firewalls don't generally block viruses, so I am assuming when you turn off the Norton firewall it is shutting down the anti-virus as well. Can you shut down just the firewall and leave the virus protection enabled?


----------



## Sellingen (Jun 11, 2007)

Ah, yeah, I see that I am able to turn off the firewall in Norton. I thought that anti-virus and firewalls were pretty much the same thing. What's the difference?


----------



## kinbard (Jul 1, 2006)

Anti viruses try to keep viruses out, which are malicious programs or scripts meant to cause computer instability or damage, in a nutshell. Firewalls block people from gaining access to your computer by port scanning or back doors. Look at it like this: a virus would be like mold in your house, while a firewall says who can go in and out your front door. Does that make sense? Hard to make a comparison with a virus to a house.


----------



## Sellingen (Jun 11, 2007)

Actually that makes a lot of sense. So I'm assuming that with Comodo, once it's done "learning", it will be configured and whatnot to keep all the bad stuff out? Thanks for all your help, I appreciate it.


----------



## Sellingen (Jun 11, 2007)

Ugh, OK, now that I've turned off the Norton firewall it keeps saying that it blocked "MS_RPC_DCOM_BufferOverflow". What exactly is that? Another attempted attack?

The attacked port was epmap(135).


----------



## kinbard (Jul 1, 2006)

Yes, and you are going to drive yourself crazy, because it is always going to be blocking attacks. That's what you want it to do. Also, make sure you have downloaded and installed all Microsoft updates.


----------



## Sellingen (Jun 11, 2007)

How was Norton able to detect it though when the firewall was turned off? Shouldn't Comodo have blocked it instead?


----------



## kinbard (Jul 1, 2006)

Yes. I don't know how Norton works, so I don't know what other services it is running. Since you paid for it, keep it, but when it expires I would try a free anti-virus like AVG, and free anti-spyware like SUPERAntiSpyware. I know that all of this is scary at first, but you are needlessly worrying yourself. If by chance you do get infected it can be fixed. It's OK to be concerned, but don't let it overwhelm you.


----------



## Sellingen (Jun 11, 2007)

Yeah, I have AntiVir Personal Edition installed on my parents' computer and it has worked pretty well, but then again they are on for e-mail and that's about it. I think I may have tried AVG before too.

I'm not too worried about viruses. I've had many over the years and I have been able to fix them all. What I'm concerned about is information being compromised. Generally how reliable are firewalls? I'm used to an attempted attack every once in a while, but this person's persistence the past few days has been kind of concerning. I know I'm overreacting to it, but the idea of somebody seemingly targeting just me is something I'm not used to.


----------



## kinbard (Jul 1, 2006)

No, I don't think you are over-reacting. If you feel someone might be targeting you, ask your ISP to look into it. Nothing is 100% effective, that is why you do the best you can.


----------



## Kalim (Nov 24, 2006)

If you can, get a decent hardware firewall and you would be very safe from such attacks. :wink:

A software firewall can control what leaves your system as additional security.

Using a few other security products is also recommended, as kinbard has advised before me.

You can always run freely available port/leak tests just to see the current protection status of your OS.

Information can be passed through many ways. Hacking/hijacking is at large online now and it's something that is moving quicker than its antibodies are. The best way to safeguard your private data from any compromise at all is to keep it encrypted with something open source and continuously peer reviewed like TrueCrypt (AES-Blowfish-Twofish-Serpent algorithms and SHA-2/RIPEMD algorithms), your network connection encrypted and use something like Tor, which will stop any data collection by any sites you visit. All these can be and/or as you wish.


----------
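
As an added example (not part of the original thread, and not any poster's code): the "open ports" asked about above are services listening on your own machine, which `netstat -an` lists on Windows. This Python script parses a constructed sample of that output and reports the TCP listeners reachable from the network, including port 135 (epmap) named in the thread; the sample addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1187      203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Well-known Windows service ports; 135 (epmap) is the one named in the thread.
KNOWN = {135: "epmap (MS RPC)", 139: "netbios-ssn", 445: "microsoft-ds (SMB)"}

# Matches only TCP rows in the LISTENING state: local address, then port.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_ports(netstat_text):
    """Return sorted (port, address, reachable_from_network) for TCP listeners."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port = m.group(1), int(m.group(2))
        # Loopback-only listeners cannot be reached from other machines.
        remote = not (addr.startswith("127.") or addr == "[::1]")
        found.add((port, addr, remote))
    return sorted(found)

def report(netstat_text):
    """One line per listener reachable from the network, for a firewall review."""
    lines = []
    for port, addr, remote in listening_ports(netstat_text):
        if remote:
            name = KNOWN.get(port, "unknown service")
            lines.append(f"{addr}:{port} {name}")
    return lines

if __name__ == "__main__":
    for entry in report(SAMPLE_NETSTAT):
        print(entry)
```

Each reported line is a service that an inbound firewall rule has to cover, or that can be disabled if it is not needed; loopback-only listeners are left out because other machines cannot reach them.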

