|
Posted by Mike on March 12, 2006, 7:59 pm
If you were Registered and logged in, you could reply and use other advanced thread options
My firewall notified me that it blocked an attempt to scan TCP ports. It
listed the port numbers such as 1382, 1391, 1399 etc. The attempted scan
came from us.i1.yimg.com. What if anything can I do to the scan attempt?
--
Mike
|
|
Posted by Duane Arnold on March 12, 2006, 8:06 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Mike wrote:
> My firewall notified me that it blocked an attempt to scan TCP ports. It
> listed the port numbers such as 1382, 1391, 1399 etc. The attempted scan
> came from us.i1.yimg.com. What if anything can I do to the scan attempt?
>
What kind of FW? If the FW/packet filter is blocking the scans, then why
are you worried about it?
Duane :)
|
|
Posted by Bit Twister on March 12, 2006, 9:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> My firewall notified me that it blocked an attempt to scan TCP ports.
So, you lost some disk space. BFD.
> It listed the port numbers such as 1382, 1391, 1399 etc.
Now, you can use, in no order of importance,
http://isc.sans.org/port_details.php?port=1399
http://lists.thedatalist.com/portlist/lookup.php?port=1399
http://www.dshield.org//port_report.php?port=1399
To see what they are.
> The attempted scan came from us.i1.yimg.com.
> What if anything can I do to the scan attempt?
Unplug your system from the internet.
Anything you try to do to the offending ip address could get YOU into trouble.
Other option is to email reason/log to the machine owner and/or the Internet
Service Provider.
|
|
Posted by Sebastian Gottschalk on March 13, 2006, 3:05 am
If you were Registered and logged in, you could reply and use other advanced thread options
> My firewall notified me that it blocked an attempt to scan TCP ports. It
> listed the port numbers such as 1382, 1391, 1399 etc. The attempted scan
> came from us.i1.yimg.com. What if anything can I do to the scan attempt?
Obviously you have some network settings screwed so that the answers for
the requests (your browser wants to display a website containing images
fro us.i1.yimg.com) are not getting through.
|
|
Posted by Ansgar -59cobalt- Wiechers on March 13, 2006, 3:46 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> My firewall notified me that it blocked an attempt to scan TCP ports.
> It listed the port numbers such as 1382, 1391, 1399 etc. The attempted
> scan came from us.i1.yimg.com. What if anything can I do to the scan
> attempt?
Well, one thing you can do is ignore it. If you don't have services
listening on those ports there's nothing to get worked up about.
cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
|
| Similar Threads | Posted | | Failed Logon Events--Hack Attempt | September 26, 2007, 1:44 pm |
| Buffer Overflow Vulnerability attempt detected (CAN-2004-200) | February 20, 2007, 8:29 am |
| Configure DCOM client to use only a small range of ports (instead of random ports) | August 16, 2006, 4:43 am |
| TCP FIN scan | April 14, 2006, 3:08 am |
| Port scan activty | January 11, 2006, 2:35 am |
| Port scan by DNS normal? | March 19, 2007, 4:16 pm |
| Sonicwall "possible port scan" Help! | May 21, 2007, 10:31 am |
| using nmap to scan firewall | September 2, 2007, 12:56 pm |
| UPD Port Scan from DNS Server Happening, What's Up? | January 15, 2006, 2:30 pm |
| Frequnt port scan attacks | October 15, 2007, 9:42 am |
|
XML site map