Jump to content

Internet Scanners

sven

By sven
in Networks and the Internet

 Share

Recommended Posts

sven

sven

Posted
Posted

do these egist? iv got this log in my router that has these couple ips that are trying to connect to *my ip*:135. is there a way i could like... get these guys to stop and cut their internet service for port scanning?

Link to comment
Share on other sites

gamehead200

gamehead200

Posted
Posted

sven, I don't think its a scanner... Its probably a worm that's trying to get through...

Remember the Blaster worm?? That ran an exploit on port 135 and a few thousand computers in the world probably still have it... :wacko:

W32.Blaster.C.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit if it is not properly patched, the worm is not coded to replicate to those systems.
Link to comment
Share on other sites
tguy

tguy

Posted
Posted

You could add a rule to your firewall or IDS system that basically drops all packet traffic from the offending IP's to your network.

Since it could be a worm trying to attack your network, perimeter antivirus scanning of some sort might be in order as well.

Link to comment
Share on other sites
epic

epic

Posted
Posted

Log there connection attempts and attain info on the subnet. Contact the owner of that particular subnet and let them know what is going on. I would not suggest contacting them unless you have an abundent amount of logs on this connection attempt.

*STATIC-IP*:135, you can assume it is a business account, unless this person is smart and using it as a mask.

*DHCP-IP*:135, just as long as you have the port address listed and IP's, ISP's can look up logs of users whom had a specified IP assigned to them at a given time frame. All this info on the IP and company is easily obtained in the ARIN DB.

If these attacks happen frequently at the same time and same amount of times I would consider it would be some sort of worm on the net.

If attacks seem to be random it's some pathetic kid playing on the net and can get into trouble.

Both cases you can get there services suspended, if they are infected with a virus or worm that is infecting the net in some way the ISP reserves every right to suspend there services until appropriate measures are taken. But if some hyjinked kid is playing with port scanners or attempting to connect to an unauthorized remote machine repeatedly, they can get there services suspended and much worse.

Link to comment
Share on other sites
sven

sven

Posted
  • Author
Posted

hum, most of teh time its a continuous ammount from a single ip for a little while. meh, its just annoying. i forwarded the port into cyberspace so it will never touch my pcs

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...