How to report possible Port scanning and DOS/Fraggle Attack??

Similar Messages

• My MBP is port scanning, and I dont know why!

  Ever since this Tuesday at the office (we're all running macs) the internet keeps going down.
  I called the ISP, they told me that one of the machines looks like it has a virus running, one of them is port scanning- and that overflowed the router and froze it.
  Turns out its my personal MacBook Pro that matches the IP address he gave me. I was FTP'd into a server and downloading a website for backup.
  He said something like ports 4400- 58,000 were being scanned sequentially and that it seemed like there was a virus on the computer, I was shocked- and told him that we were all on macs. Perhaps the FTP client (called "fetch") failed to connect to one port and tried another and another ect. But, the tech guy also said that it wasn't on FTP protocol.
  Today I've been working on securing my machine. I stopped using the Wi-fi, turned on my firewall ( I know, bad idea to not have it on ) and installed ClamXav and Little Snitch.
  Perhaps I have some kind of malware? Is it too late?
  Help!

  Isp's always blame things on the mac when they don't know why something is happening to their network.
  You could launch Activity monitor and look at all the processes that are running. Sort it my cpu cycles. There could be an application stuck in update mode or one trying to phone home..like adobe updater.

• How to modify the port number and use subdomains

  Couple of things ...
  1 - default port for installation is on 7777 and 7778. Would it be possible to run everything on port 80? I would like to hide the port number and not have people type in http://domain.com:7778
  2 - how can we use subdomains for certain services? For example, webmail should be http://webmail.domain.com and the RTC should be http://conference.biztech.com
  thx

  we're using OCS both inside and outside our network.
  I had my dba modify the port so now everything runs on port 80. However, I dont know how to get virtualhost to work correctly.
  conference.domain.com -> RTC piece
  webmail.domain.com -> webmail piece
  i.e....

• How to report possible tower problem in our area?

  Verizon coverage on Hilton Head Island, south end has been increasingly spotty.  Please advise, calls are dropped, texts are not received or sent.  Do not know what to do.  This has been happening more frequently, but this past week it has been really bad.  Help!

  Zip code is 29928. We have four smart phones in family, 2 droid razrs, 1 iPhone 5, and 1 iPhone 4s.  All show 0 to 3 bars at home on and off. All are dropping calls, not receiving or sending messages at times. Usually only have issue in general area of our home, 2 miles radius. Our neighbors also are having issues. We tried turning wifi on and off, doesn't  help either way. Has been happening for months but recently became so bad we had to drive somewhere to get service. I have called Verizon twice. Once was told there were problems in our area and 3 days later was told nothing was going on that was reported.  Hope you can help identify problem, frustrating.  Thanks.
  Sent from my iPad which often chooses different words to confuse us.

• Symantec reporting port scan

  I've received a couple of alerts from Symantec anti-virus on a server and client computer saying that it is being port scanned. I was wondering what a network administrator would do about these warnings? Should I just setup a wireshark capture on the computer and see where the scans are coming from or is there a better method to detect devices in your network that are port scanning?
  Thanks for the advice        

  The it reported to port scans?
  1 From the WLC
  1 From an LAP - If the LAP was not associated to the WLC how do you know it was a LAP?
  How often do these alerts trigger?     
  CCNP, CCIP, CCDP, CCNA: Security/Wireless
  Blog: http://ccie-or-null.net/

• How to report Invoice details and also the related Purchase order details

  Hello,
  Any suggestions on How to Report both Invoice details and the related Purchase Order details.
  Ex:
  INvoice Line items Amounts /Qty
  PO Line Items Amounts /Qty
  Thanks in advance
  Jagadish

  Hello,
  Any suggestions on How to Report both Invoice details and the related Purchase Order details.
  Ex:
  INvoice Line items Amounts /Qty
  PO Line Items Amounts /Qty
  Thanks in advance
  Jagadish

• How to open ports 80 and 443

  How do you open ports 80 and 443?  I'm trying to connect a tv to the internet.

  What router are you using? Who is your ISP? Also, what exactly are you trying to accomplish?

• Symantec and port scan attacks

  I have found many post on the port scan attacks created by Symantec on client computers, however it seems my port scan attacks are being blocked on the Spiceworks server side.  All the clients are showing up in spiceworks with no scan errors, but when logged onto Spiceworks server there is a port scan attack every few minutes from the clients.
  This topic first appeared in the Spiceworks Community

  No. While the encryption of your wireless network is mandatory to protect other people in your proximity to access your network, computers, internet connection or eavesdrop your computers it has nothing to do with port scan attacks. Port scan attacks originate from the internet. The router will block those unless you have configured port forwardings on your router or a computer opened ports on the router through UPnP. This is because your router does NAT which makes the LAN unaccessible from the internet.
  Port scans are not really attacks but just the general "noise" in the internet. There is nothing you can do about it except not using the internet. As long as you don't have open ports there is nothing to worry about. And even if you have opened a port for instance for gaming it still depends on whether the program listening on that port is vulnerable or not.

• CSA 4.0.3 Exempt certain IPs from being detected as source of port scanning

  We have an in-house vulnerability scanner that regularly
  does port scans and we don't want to see events when the source IP is from the vulnerability scanner.
  We tried a network access rule but it dose not work.
  1) Network Shim is enabled
  2) Network shield rule with Port scan detection is enabled.
  3) Global correlation for scans is set to 100 within 60 minutes.
  Basically we want to keep detecting port scans except scans from a specific IP.

  Thanks Jay for your offer. The thing is NACL does not work in 4.0.x
  Here is TAC responce for later versions (4.5.x or 5.x):
  "It is possible to do this by changing the field "Commuincating with host
  addresses" in the network shield rule. There are 2 ways to do this.
  1. Create an exception rule. The exception rule is of type 'Network
  Shield Rule'. Make it's action 'permit'. Click Port Scan Detection to
  enable it. Include the ip address of the port scanner device in
  "Communicating with host addresses".
  or
  2. Modify the original Network Shield Rule (the one with the deny
  action). Next to "Communicating with host addresses", click 'Insert
  Network Address Set', and click 'New'. In the new window,name the
  network address set. Leave the "Address ranges matching" to and
  change "but not:" to the ip address of the port scanner. Then click
  'save'. Make sure that the Network Shield rule now contains your
  Network address set under "Communicating with host addresses".
  We typically recommend using method 1 because it prevents you from
  having to modify the default rule set. But pick the method that works
  best for your configuration."
  I have to find away without upgrading.

• Is it possible to scan without preview/ image capture??

  These programs are useless for scanning. Every time I try to scan something it automatically guesses where the image is cropped. It gets it wrong almost every time and there is no way of turning it off.
  I tried clicking the more details button but my scanner sends an error message whenever I do. Therefore both Preview and Image Capture are stuck in basic mode. I also tried finding Epson Print/ Scan software and new driver updates by Apple, but no joy there I'm afraid.
  I have an Epson DX4400, it works fine - but only with Preview and Image Capture. It won't work with any other programs I know of (such as Photoshop etc). As far as I'm aware there's no TWAIN driver available, so how is it possible to scan without doing it through Preview?
  This *****!

  Hi DLThomas & welcome to discussions...
  Have you taken a look at VueScan...best out there that I know of - seems to do everything scanning related well - tons of options without the compatibility grief.
  http://www.hamrick.com/
  Grab the demo and see for yourself if it meets your workflow, etc.
  Good luck in any case.

• NAT port-forwarding and WAN side IP addresses

  I have my Airport Extreme setup to forward port 21 to an FTP server on the LAN side of my network. The AE is connected via DSL to my ISP.
  When a client from the WAN side connects to my server, the server's LOGS don't list the IP of the client, rather it says the client connected from my assigned WAN IP. For example (fake ip's):
  Client ----> AE ----> FTP-SERVER
  130.129.12.3 76.99.89.3 10.0.1.2
  Log states client connected
  from IP: 76.99.89.3
  My previous Linksys router, with the same DSL modem and ISP, would report the client as connecting from 130.129.12.3.
  Am I missing something in how I am configureing my AE? Or, is this how the AE manages port-forwarding and there's nothing I can do about it?
  I used to use firewall rules to control access to the FTP server, i.e. rules set on the server. This can't be done anymore with the AE operating as it does.

  Seems to me that the NAT translation in the Airport 802.11n is such that it does not use the incoming IP of clients connecting from the WAN side to a computer on the LAN side. The ingoing and outgoing packets reach their respective destinations, it is just that the AE uses some kind of non-standard routing (at least not that I am used to working with).
  This is bad because it prevents the use of some forms of access controls on BSD and Linux servers on the LAN side, TCP Wrappers and iptables for example. This can create obvious security problems when WAN ports are set to forward to such a LAN client. We are already getting hit with robot-like script attacks on our server, this was a problem with our Linksys router, but with the above mentioned tools and scripts we were able to block abusive clients.
  Perhaps an Apple can work on resolving this issue in a future firmware release, at least make it an option... Anyone from Apple out there?
  jmj

• Deny install any application & Port scan

  Hi I have CSAMC51. Could you please tell me how do I deny running of any exe file (any applications) and deny port scan and ping from a agent running on a host.

  Looks like I can't edit my original question...
  The problem is still happening, I've been doing some testing to narrow it down...
  + it's not just my computer (have also tried from my mums PowerPC and my sisters iMac), although it could be a mac thing (I don't have a windows machine to test from, only windows running on a mac, though I will give that a shot later)
  + it's not my internet connection (although it could be my ISP - I tested at my sisters place, who uses the same ISP as me, am looking for another testing location that has a different ISP)
  + it's not my website (have tried uploading to a completely unrelated website with similar results)
  + it's not cyberduck (have tried with filezilla, similar results, also tried via terminal - I don't know how to upload files, but when I connected, it connected through a different port, a 5 digit number, can't remember what now).
  Not too sure where to go from here...

• How to report a problem in ios 7

  i have found a minot glitch in iphone ios 7... related to the lock screen, how to report it to apple and is it true that if i found a bug i get paid for it ?

  No, you do not get paid for reporting bugs.  You can submit feedback here:
  http://www.apple.com/feedback
  Perhaps if you described the problem here, someone could help you with it.

• Video/Screen Sharing via 3G connection not possible - port restrictions?

  I'm running Jabber-based iChat AV 5.0.3 sessions from my MBP connected to the Internet via a wireless USB modem 3G/UMTS (German Telekom D1 network). My buddies are connected to the Internet via regular broadband connections (DSL). I have set up a hosted Jabber server via Dreamhost (without SSL, port 5222 used).
  Status Quo:
  - Contact status of remote Jabber users shows up properly. All buttons (text chat, screen sharing, video) are available (not greyed out) on both sides.
  - Text chat works fine.
  - Video chat and screen sharing can be invoked from both sides (confirmation window shows up), but after confirmation the initiation process doesn't finish successfully. The video/screen sharing session doesn't run. *iChat AV shows a message indicating that it doesn't receive an answer from the remote user device.* If the iChat session is initiated from a buddy's computer, the buddy gets the same message respectively.
  - For testing purposes, I changed the internet connection on my MBP from the mobile 3G USB modem to a regular *DSL broadband connection (same ISP, German Telekom). In this scenario, video/audio calls and screen sharing work flawlessly!* Therefore, I assume that the problems in 3G connection mode is caused by the ISP (German Telekom) blocking/restricting ports required by iChat AV for initiating the video call and streaming the data on their 3G network.
  Is there any way to bypass ISP restrictions, by either changing specific iChat AV port settings on both ends (client devices) or by port forwarding? If yes, which settings should I change? Unfortunately, it's couldn't find any document indicating which ports are opened/allowed by German Telekom's 2G/3G (GSM/UMTS) network.
  Below is an excerpt of the error message produced by iChat AV:
  iChat Connection Log:
  2010-11-09 21:18:19 +0100: AVChat started with ID 494414145.
  2010-11-09 21:18:19 +0100: [email protected]: State change from AVChatNoState to AVChatStateWaiting.
  2010-11-09 21:18:19 +0100: 0x1a8bf8b0: State change from AVChatNoState to AVChatStateInvited.
  2010-11-09 21:18:28 +0100: 0x1a8bf8b0: State change from AVChatStateInvited to AVChatStateConnecting.
  2010-11-09 21:18:28 +0100: [email protected]: State change from AVChatStateWaiting to AVChatStateConnecting.
  2010-11-09 21:18:48 +0100: 0x1a8bf8b0: State change from AVChatStateConnecting to AVChatStateEnded.
  2010-11-09 21:18:48 +0100: 0x1a8bf8b0: Error -8 (Did not receive a response from 0x1a8bf8b0.)
  2010-11-09 21:18:48 +0100: [email protected]: State change from AVChatStateConnecting to AVChatStateEnded.
  2010-11-09 21:18:48 +0100: [email protected]: Error -8 (Did not receive a response from 0x1a8bf8b0.)
  Video Conference Error Report:
  0.000000 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/DotMacConfiguration.m:1039 type=4 (FFFFFFFF/2)
  [HTTP GET failed (0)]
  0.000627 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/DotMacConfiguration.m:758 type=4 (FFFFFFFF/0)
  [HTTP GET failed (0)]
  0.346813 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/DotMacConfiguration.m:758 type=4 (FFFFFFFF/0)
  [HTTP GET failed (0)]
  1331.086051 @/SourceCache/VideoConference/VideoConference-415.22/SIP/SIP.c:2917 type=4 (900A0015/0)
  [SIPConnectIPPort failed]
  1333.086142 @/SourceCache/VideoConference/VideoConference-415.22/SIP/SIP.c:2917 type=4 (900A0015/0)
  [SIPConnectIPPort failed]
  1335.086270 @/SourceCache/VideoConference/VideoConference-415.22/SIP/SIP.c:2917 type=4 (900A0015/0)
  [SIPConnectIPPort failed]
  1337.086603 @/SourceCache/VideoConference/VideoConference-415.22/SIP/SIP.c:2917 type=4 (900A0015/0)
  [SIPConnectIPPort failed]
  1339.087985 @/SourceCache/VideoConference/VideoConference-415.22/SIP/SIP.c:2917 type=4 (900A0015/0)
  [SIPConnectIPPort failed]
  1341.088212 @/SourceCache/VideoConference/VideoConference-415.22/SIP/SIP.c:2917 type=4 (900A0015/0)
  [SIPConnectIPPort failed]
  1343.088361 @/SourceCache/VideoConference/VideoConference-415.22/SIP/SIP.c:2917 type=4 (900A0015/0)
  [SIPConnectIPPort failed]
  Video Conference Support Report:
  929.446913 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2059 type=2 (00000000/0)
  [Connection Data for call id: 1 returns 1
  934.996640 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2074 type=2 (00000000/0)
  [Prepare Connection With Remote Data - remote VCConnectionData: 1, local VCConnectionData: 1
  935.002114 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2266 type=2 (00000000/0)
  [Initiate Conference To User: u0 with Remote VCConnectionData: 1 with Local Connection Data: 1 conferenceSettings: 1]
  935.467624 @/SourceCache/VideoConference/VideoConference-415.22/SIP/Transport.c:2138 type=1 (00000000/0)
  [INVITE sip:user@rip:16402 SIP/2.0
  Via: SIP/2.0/UDP lip:16402;branch=z9hG4bK0fdd30e326aa779b
  Max-Forwards: 70
  To: "u0" <sip:user@rip:16402>
  From: "0" <sip:user@lip:16402>;tag=544473054
  Call-ID: 9c7ecf46-ec3d-11df-8530-f81eeb5f4012@lip
  CSeq: 1 INVITE
  Contact: <sip:user@lip:16402>;isfocus
  User-Agent: Viceroy 1.4
  Content-Type: application/sdp
  Content-Length: 708
  Video Conference User Report:
  928.427249 @:0 type=5 (00000000/16402)
  [Local SIP port]
  934.996832 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2171 type=5 (00000000/0)
  *[Remote Router]*
  *[PORT RESTRICTED]*
  934.996842 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2173 type=5 (00000000/0)
  [Remote CommNAT Result: 0x000000d0
  936.003962 @:0 type=5 (00000000/60)
  [Detected bandwidth (kbits/s): 2627 up, 2627 down. (00000000)
  936.033015 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VideoConferenceMultiController.m:2423 type=5 (00000000/0)
  [Start Conference With UserID: u0]
  978.787787 @:0 type=5 (00000000/16402)
  [Local SIP port]
  1014.011790 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2171 type=5 (00000000/0)
  [Remote Router]
  [PORT RESTRICTED]
  1014.011800 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2173 type=5 (00000000/0)
  [Remote CommNAT Result: 0x000000d0
  1015.024555 @:0 type=5 (00000000/60)
  [Detected bandwidth (kbits/s): 2627 up, 2627 down. (00000000)
  1015.031800 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VideoConferenceMultiController.m:2423 type=5 (00000000/0)
  [Start Conference With UserID: u0]
  1323.083386 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2171 type=5 (00000000/0)
  [Remote Router]
  [PORT RESTRICTED]
  1323.083396 @/SourceCache/VideoConference/VideoConference-415.22/Video Conference/VCInitiateConference.m:2173 type=5 (00000000/0)
  [Remote CommNAT Result: 0x000000d0
  (…)

  Hi,
  Does this 3G device have any set up functions that are on your Mac ?
  If it does not it is likely that it is wide open to all Port (65535 of them).
  I presume that in System Preferences > Network you see a Public IP when using this device ?
  Again this would tend to pint to all the ports being open.
  Is there anything on the ISP's web site that suggests this device is unsuitable to be used with VoIP or SIP connections ?
  VoIP (Voice over the Internet) uses the SIP connection process the way iChat does.
  Most likely the issues is the way packets are sent.
  When you do a download, for instance, do you find the speed increases in the first few minutes ?
  When some data packets are sent over the Internet the next one is not sent until confirmation that the first has arrived.
  This Latency effects Point to Point WiFi (antenna to Dish on House) and satellite connections mostly particularly when it is a two way thing.
  It can effect Mobile/Cell phone type connections.
  What sort of Speeds are you getting on the 3G device ?
  http://www.speedtest.net/
  Do these seem to get faster as the time proceeds ? (this can be difficult to spot).
  The Log mentions one end being at just over 2Gbps although it does not make it clear which end.
  As the Remote end is the end that reports "Router: Port Restricted" and it works over standard DSL we have to presume they have the ports open.
  You could try restricting iChat 's Bandwidth in iChat menu > Preferences > Video Section to 500kbps (try it at both ends)
  If that does not work try 200kbps
  This may stop iChat from trying to send data too Fast for the Network Connections.
  Realistically there are a few too many variables here.
  It could be Speed of data throughout at the Initiation point. (Slow Start up of data transfer)
  It could be an Internal setting preventing SIP.
  It could be that the 3G network sends and receives data by different routes.
  (I have seen this once when a ISP was repairing some Cabling. To maintain end user speeds they managed their own network to split Incoming and outgoing data to the end point.)
  iChat does not like this as it checks the IPs and the Hops (number of intermediate stages/servers) and if the data is different it will not connect (Man in the Middle attack protection).
  I can't remember the last time I knew of someone being successful with either an 3G USB dongle or a 3G phone as Modem (internet Sharing).
  Despite my ideas I think you will be unlucky and this will not work.
  10:31 PM Saturday; November 13, 2010
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

• Catching Port Scanners, or preventing port scans

  Does anyone know of way to catch a person who is "port scanning" or "port sweeping" me?
  I have Norton AntiVirus, and it blocks the port scans, and gives me the ip address, but I can't seem to find a way to link this to anyone...
  Any suggestions?

  It enrages me and I want to find them...and hack them, with something other than a computer...
  Move on.
  For on, you're not going to stop it. It's a fact of life online and there are far more systems out there doing it than you have time to track (unless you're really, really bored).
  Secondly, even if the addresses aren't spoofed you'll find one of two situations in 99.9% of all scans:
  Either the source is in some remote country like Romania or China who doesn't give two hoots about your IP, or the source is some poor schmuck whose Windows machine has been hacked and he's part of a botnet or other setup where the real culprit is far removed.
  In the former case you're wasting your time. In the latter you're targeting the wrong person and you have no chance of finding the real source.
  So consider it noise and live with it. Your life will be much happier.