Using Winfag, I have a security tool that detects and blocks port scans, and gives me the IP of the src. Sometimes I get a burst of port scans within a small interval repeatedly but from the same IP.
This time I got 4 port scans, each 2 from a different IP within 3 minutes.
One originates from South Africa, the other from Romania (I know that's irrelevant, proxy/onion but meh.)
I once got port scanned from an M$ server, and once from Australia.
I'm doing nothing suspicious (legally, nor politically). I'm just torrent movies/games/books through public trackers. Why? well I live in Syria and can't afford private trackers since bandwidth is shit, can't seed, thus will be flagged for not seeding. (Don't ask me why I'm still here, college and still can't get out of this shithole of pigs).
I know my torrenting might be a factor, but holy shit is this not too much. Aside from this being a sideeffect from torrents, any other cause/some way to further secure myself?
tldr; pic related + WHAT DO? (criticize/joke how you want. But please if you know your shit, enlighten me)
Joshua Kelly
Why worry about it?
It's just a scan. It's not like they're trying to actually do anything to you. Just being nosy and seeing who.is out there.
Aaron Bell
bump...
James Bennett
You know what a port scan is right?
That or you're a shill probing me with "got anything to hide?" cliche. Just like those port scans.
Seriously though, port scans detect services on your device that are exploitable. Ain't that a good reason to be cautious?
Camden Thompson
Millions of machines are constantly cycling through ip ranges scanning "random" machines. This is entirely normal and not targetted. Are you running any services on any ports? Have ypu tried portscanning your ip in order to see what comes up?
Nicholas Diaz
Interestingly interesting. I should portscan/pentest myself and see what comes up.
I have some services yes. But I manually inspect them one by one, turned off any meme'y useless shit. (Java, ActiveX, Flash Update) and shut down automatic start of dangerous services (Oracle, Apache, ISS, MySQL, SQLServer).
>>This is entirely normal and not targeted. Then why did it suddenly occur 4 times from 2 different IP's within 3 minutes? Doesn't add up. Because the port scan was blocked? Is that why I was port scanned again from a different IP?
Alexander Hughes
shameless bump, the brand new Louis CK special.
Robert Wilson
post is uninteresting, nobody is replying because Syria, or /g lacks experts.
Christian Ortiz
U still there Op?
Ethan Jones
No my house has been evaporated by a mortar, laptop is gone, and everything is gone. It was somebody who pinpointed my coordinates because of the port scans people did not take seriously here. GEE THANKS /G!
Nicholas Kelly
BHAAAMP
Connor Rivera
You have alot of misconceptions about portscanning OP. Like which services show up when you are portscanned. scan yourself with nmap, not your lan ip your internet one, and Im sure norhing will come up. And if something does come up it doesnt mean its exploitable, infact it would almost certainly not be.
John Gutierrez
>M$
Anthony Wood
I like that.
I know some networking shenanigans, but not an expert. And taking baby steps in the infosec scene. Thus I do realize I might have some misconceptions.
1. So as long as I'm not port forwading (not opening any ports) I'm good?
2. I assume by services you mean services exposed by my router?
3. Think it would be more dangerous if somebody got in the local network (either from the internet or nosy neighbors). Spare some of your two-cents on this? (choosing a router that is secure remotely and locally, also configuring it to be secure)
(OP) >M$ Yeah, for academic reasons. (no pun intended)
Easton Stewart
Wow I dropped the ball there at the end...
or maybe I did mistake on purpose? >camouflaged bump
Thomas Cox
>shitty formatting >gives up
Owen Diaz
1. Yes 2. Yes 3. I meam that is a potential but it would take time and effort for an attacker and if they wanted to get into your computer having brokwn into the network that would rely on tou have quite old software running. At the end of the day this isnt worth losing sleep over unless you are a whistleblower or political dissident
I am tired so im gonna sleep now.
Caleb Cruz
Splendid.
Many thanks user, warm salutes from Syria.
Benjamin Rivera
have you tried to connect to the IPs that scanned you?
Anyone who is performing a legit scan for a good reason will have a website hosted from the IP they scan from
Nathan Myers
that's a pretty good idea, going to try this (in a safe way).
currently running an intense scan with no ping with nmap, router blocks inbound pings from outside the local network. Will post results.
Levi Cox
>port scans detect services on your device that are exploitable Port scans detect open ports you not white sand nigger. Don't run any services you don't understand you future EU immigrant.
Luis Sanders
Extraordinary spelling overall, Here's a 7/10. Seen worst.
> future EU immigrant Who said I want to be an EU immigrant? risking my life on the road just like risking my life here. Fuck that. Well until a mortar shell recks real havoc (home, work) then I might realistically consider this matter, so pretty much as long as we're dodging death, that idea is not implemented. How does that make you feel? We discuss this issue every fucking day on the dinner table. Besides EU immigration has become too mainstream that intellects might get backlash there because of the clusterfuck amount of idiots that moved there. I saw one guy on TV bitching about feeding him macaroni while he was laying on his ass talking in a broken English rather than standing up straight like a functioning dick infront of a news camera. Not only that, Some Afghani and fucking Lebanese shit stains and whatnot are faking Syrian nationality to get in the EU. Also saw a video of one ISIS looking mother fucker pretending to be a good old Damascus resident with his limp-dick try-hard Syrian accent. That mess ain't better than the mess we have here!
>you not white sand nigger You lost me there butt bud.
Aaron Barnes
Unfortunately and as expected, IP does not belong to a website host.
Intense nmap scan is intense, still in progress. Weird that the tool I have gave nothing regarding being port scanned.
William Nelson
Entire internet gets port scanned regularly. Put a server online and it will have its SSH port getting hammered by password attempts daily
Dylan Watson
OP here, intense nmap scan yielded this (only interesting bits I found):
1. Got bunch of these >NSOCK ERROR [3444.6180s] mksock_bind_addr(): Bind to 0.0.0.0:500 failed (IOD #763): An attempt was made to access a socket in a way forbidden by its access permissions. (10013)
2. >Host is up (0.047s latency). >All 2000 scanned ports on (my_external_IP) are filtered (1000) or open|filtered (1000)
>Too many fingerprints match this host to give specific OS details
Don't worry, Ahmed, nobody is trying to hack your IED project.
Brandon Moore
top banana kek
kinda moldy though, perhaps fire from that very project you mentioned would lighten you up, pajeet? or whatever stereotypical name you like /g folks get their dick wet over.
(don't take any of that seriously)
Elijah Bailey
This happens to everyone, hackers are constantly just scanning random IPs.
As long as you have all your software updated with a decent router, you should be ok.
Brayden Edwards
Appreciate it.
Care to define "decent router"? Extra Kudos for some examples.
