  1. #1
    spikeZ

    Port scanning from my network/computer.....?

    Right then,

    I keep getting blocked by my host at random times for 10 minutes. As you might imagine this is not good for development, project movement or my blood pressure.
    I asked the host what the problem was and they replied:

    Quote: Originally posted by annoying obnoxious host who took 5 days to respond
    The firewall blocked your IP as it detected a port scan. Are all your PCs protected by the latest virus software / scanners?
    Well, that's as useful as a cheese sandwich to a drowning ferret.

    So, assuming my system is fully protected (it is), why is my machine port scanning? What can I do to stop it, and would the ferret eat the sandwich anyway?
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  2. #2
    molona
    Do you mean that your computer is doing the port scanning, or that someone is scanning the ports on your computer? You may want to use software like CommView to analyze the traffic from/to your computer.

  3. #3
    spikeZ
    Apparently my computer is scanning for ports, @molona.
    I will have a look at CommView.

  4. #4
    SpacePhoenix
    Make sure your antivirus and anti-malware/spyware apps are fully updated and then run full scans of the computer concerned, just in case anything has slipped in without being noticed.
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  5. #5
    ScallioXTX
    Doesn't have to be port scanning per se, just a rogue program will do the trick as well -- I once had a MySQL GUI which could connect to a host via an SSH tunnel but the host would ban me every so often when I did this.

    It's probably a rule in iptables; if so, you/they should add a rule somewhere above that throttling rule that whitelists all data from the IP(s) you guys are connecting from.

    To see all iptables rules: iptables -L -n --line-numbers

    To whitelist your IP: iptables -I INPUT <n> -s <YOUR IP> -j ACCEPT

    Where <n> is a number lower than the throttling rule (most of the time this is the last rule of the chain).
    Rémon - Hosting Advisor

    SitePoint forums will switch to Discourse soon! Make sure you're ready for it!

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy
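
An added example, not part of any post in this thread: a shell helper that finds the throttling rule in a rule listing and prints the whitelist command with the matching rule number. The listing, the address 203.0.113.10 and the function names are constructed for illustration, and it assumes the throttle shows up in the listing as a "recent:" or "limit:" match.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
EOF
}

# Read a listing on stdin and print the number of the first rule that uses a
# rate-based match. Assumption: the throttle shows up as "recent:" or "limit:".
find_throttle_rule() {
    awk '$1 ~ /^[0-9]+$/ && /recent:|limit:/ { print $1; exit }'
}

# Read a listing on stdin and print the whitelist command for source IP $1.
# -I INPUT <n> puts the new rule at position n and moves the old rule n down,
# so the throttle rule's own number places the ACCEPT directly above it.
whitelist_command() {
    # Accept one dotted-quad address only: no mask, no hostname, so the
    # exception cannot silently cover a whole range.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "refusing: '$1' is not a single IPv4 address" >&2
        return 2
    }
    n=$(find_throttle_rule)
    if [ -z "$n" ]; then
        echo "no rate-based rule in this chain; check chains it jumps to" >&2
        return 1
    fi
    echo "iptables -I INPUT $n -s $1 -j ACCEPT"
}

# 203.0.113.10 is a documentation address standing in for <YOUR IP>.
sample_listing | whitelist_command 203.0.113.10
```

On a real server the listing would come from iptables itself, and a rule added this way lasts only until the ruleset is reloaded unless it is also saved.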

  6. #6
    spikeZ
    So theoretically it could be anything from an FTP program, SQL GUI or similar that's misfiring?
    It's extendnet.co.uk who are hosting the sites. I have 8-10 sites hosted with them which I get blocked out of.

    I'm sure it's something on this laptop so as Lee suggested - full scan it is!

  7. #7
    ScallioXTX
    Quote: Originally posted by spikeZ
    So theoretically it could be anything from an FTP program, SQL GUI or similar that's misfiring?
    It's extendnet.co.uk who are hosting the sites. I have 8-10 sites hosted with them which I get blocked out of.
    Well, I haven't seen the firewall configs of course, but most of them have something like "If you make more than <x> connections in <y> seconds you will be banned for <z> seconds", which sounds an awful lot like the problem you're having, doesn't it?

    This mostly happens when you do a port scan so that's probably why the host went for that. Maybe ask if they know which specific firewall rule you're breaking instead of the very generic "you are portscanning"?

  8. #8
    SpacePhoenix
    @spikeZ

    http://blogs.msdn.com/b/bgroth/archi...11/256190.aspx

    Found that via a quick search, don't know if it'll help to narrow down the culprit.

  9. #9
    Crazybanana
    You could monitor your ports and network activity; for this I would recommend Wireshark over CommView. I've been using it for many years, even back when it was known as Ethereal. Great tool. You may also have a look at HijackThis and CCleaner.
    Who's to doom when the judge himself is dragged before the bar


  10. #10
    molona
    Quote: Originally posted by spikeZ
    So theoretically it could be anything from an FTP program, SQL GUI or similar that's misfiring?
    It's extendnet.co.uk who are hosting the sites. I have 8-10 sites hosted with them which I get blocked out of.

    I'm sure it's something on this laptop so as Lee suggested - full scan it is!
    In principle, it could be anything, even the MSN checking for new conversations... that's why I suggested that you observe your traffic. CommView allows you to see all the communications going in and out of your computer and network. Of course, the paid version does lots of things but the free one is more than enough and very complete.
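
An added example, not part of any post in this thread: once outbound connections have been recorded with a capture tool, this shell function applies a "more than <x> connections in <y> seconds" rule per program to show which one would trip the firewall. The log format, program names, addresses and the limits of 10 connections in 10 seconds are all constructed; the host's real <x> and <y> are unknown.

```shell
#!/bin/sh
# Constructed log, one new outbound connection per line:
#   <epoch seconds> <program> <destination IP> <destination port>
sample_log() {
    i=0
    # FTP client: 12 passive-mode data connections in 6 s, each to a new port.
    while [ "$i" -lt 12 ]; do
        echo "$((1000 + i / 2)) ftpclient 198.51.100.7 $((50000 + i))"
        i=$((i + 1))
    done
    # Database GUI opening four SSH tunnels, and a browser polling slowly.
    for t in 1002 1003 1004 1005; do echo "$t sqlgui 198.51.100.7 22"; done
    for t in 1000 1020 1040; do echo "$t browser 198.51.100.7 443"; done
}

# Print "<program> <dest IP> <peak> <ports>" for every program that opened more
# than x ($1) connections to one host inside any y-second ($2) window.
# peak = busiest window seen, ports = distinct destination ports overall.
find_offenders() {
    sort -n | awk -v x="$1" -v y="$2" '
    {
        key = $2 " " $3
        n[key]++
        t[key, n[key]] = $1
        if (!((key, $4) in seen)) { seen[key, $4] = 1; ports[key]++ }
        if (!(key in start)) start[key] = 1
        # Slide the window start past connections that are y or more seconds old.
        while (start[key] < n[key] && $1 - t[key, start[key]] >= y) start[key]++
        inwin = n[key] - start[key] + 1
        if (inwin > peak[key]) peak[key] = inwin
    }
    END { for (k in peak) if (peak[k] > x) print k, peak[k], ports[k] }
    ' | sort
}

# x=10 connections in y=10 seconds are placeholders for the host's unknown limits.
sample_log | find_offenders 10 10
```

In the sample the FTP client is the only program reported, and its twelve connections to twelve different ports on one host are exactly the pattern a firewall reads as a port scan.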

  11. #11
    TechnoBear
    Off Topic:

    Quote: Originally posted by spikeZ
    Well, that's as useful as a cheese sandwich to a drowning ferret.

    What can I do to stop it, and would the ferret eat the sandwich anyway?
    It would depend. If it's a submarine sandwich, then the ferret might find it very useful.

