rory (Posted November 29, 2005)

I've been getting "a lot" of action on my router, even though everything is closed off to the wide world web. Way too many incoming requests, so I went snooping and found the same range of IPs attacking the same ports over and over, so obviously I closed a whole range of ports off just in case. The router also deals with them, but I still did it on my own PC just in case.

OK ... scanners: here is one I found last night, anyone else got any to share?

http://www.seifried.org/freescan2/

And also, here is GRC's scanner once again, this one is good for checking closed or open ports as well:

https://www.grc.com/x/ne.dll?bh0bkyd2

Rory

Thomas (Posted November 29, 2005)

NMAP is simply the best. OS fingerprinting, what services, stealthed scans. If you have an open port, NMAP will tell you.

Jasper (Posted November 29, 2005)

Is there any software you can recommend that just provides a record of network traffic to and from the DVR and is not a software firewall? Does NMAP have this ability?

Thomas (Posted November 29, 2005)

What you're looking for is a packet sniffer. Both tcpdump/ethereal will work fine, but keep in mind these tools are not designed to be user friendly. If the command line worries you, then keep away.

Also note that if it is not your network, then packet sniffers may run you afoul of wire tapping laws. When it comes to computers in the US, the courts always seem willing to panic when it comes to computer law. There have been people arrested for installing a keylogger on their own machines and logging while other family members are using it. The best way to handle it is to get a contract in writing if you provide this service for a client.

Jasper (Posted November 29, 2005)

Only going to sniff my own network traffic. I want to have a log of traffic coming to or leaving the DVR for that very reason. If someone is scanning my ports or somehow got a Trojan on my DVR I want to know about it. I love command line stuff. I am an old DOS/Unix man myself. Windows has been a pain in the rear ever since it came out. Prior to XP you couldn't even rely on it. A simple network traffic logger is all I am looking for. I don't need anything else other than a record of network traffic.

Edited November 29, 2005 by Guest

G22 (Posted November 29, 2005)

Arrested for installing on their own computers? That is pretty pathetic. We install Spector on our staff workstations at random. It is in our e-policies, and staff are required to sign and agree to it. Spector has aided in eliminating 4 non-productive staff members so far.

Rory, what Port #? I should post some of our router ACL deny logs. We are flooded with attacks, port scans, hundreds of viruses/spam via email daily, etc. You might find a util or sniffer program at a fosi site, but I haven't checked in a while so don't know. Or perhaps gimme yer IP and I will Port Scan you via NMAP and send the results.

G22 (Posted November 29, 2005)

> Only going to sniff my own network traffic. I want to have a log of traffic coming to or leaving the DVR for that very reason. If someone is scanning my ports or somehow got a Trojan on my DVR I want to know about it. I love command line stuff. I am an old DOS man myself. Windows has been a pain in the rear ever since it came out. Prior to XP you couldn't even rely on it. A simple network traffic logger is all I am looking for. I don't need anything else other than a record of network traffic.

Why not just enable Windoze Firewalling and log both ALLOW and DENY to the txt file?

Jasper (Posted November 30, 2005)

I am trying to avoid windows firewall. It sucks. It turns itself on even after I turned it off. I was hoping to avoid it. I am using a software firewall in addition to a router on my own system. The DVR has a router as well. I guess I will put a software firewall on it and just make sure I don't lock myself out. It would be nice not to log known good traffic and only log unknown traffic. My log files fill up too quickly if I log all traffic. I will have to review my options and see what would work best for the DVR.

I thought it was legal for a parent to install a key logger on their kid's computer. I know that companies can monitor email or any stored data on their computer system. I have first hand experience with this from an employer's standpoint. There doesn't even need to be a policy in place to allow you to monitor employees' email or personal files on the employer's computer system. The computer equipment belongs to the employer and accordingly you are not afforded any privacy. It's that way in California unless it has changed since the last time this issue came up.

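An added example, not posted by anyone in this thread: one way to get the log Jasper describes with the tcpdump Thomas suggests, capturing only traffic between the DVR and hosts that are not on a known-good list. The DVR address, the known-good hosts and the function names are assumptions; the `inbound` and `outbound` modes narrow the capture to new TCP connection attempts (scans hitting the DVR, or connections the DVR starts on its own).

```shell
#!/bin/sh
# Added example. DVR_IP and KNOWN_GOOD are assumed placeholder addresses.
DVR_IP="192.168.1.50"
KNOWN_GOOD="192.168.1.1 192.168.1.10"   # router and admin PC (assumed)

# Build "not host A and not host B ..." from the known-good peers.
exclude_known() {
    clause=""
    for peer in "$@"; do
        clause="${clause:+$clause and }not host $peer"
    done
    printf '%s' "$clause"
}

# build_filter MODE DVR [PEER...] prints a pcap capture filter.
#   all      - every packet to or from the DVR
#   inbound  - new TCP connection attempts (SYN set, ACK clear) aimed at the DVR
#   outbound - new TCP connections the DVR itself initiates
build_filter() {
    mode=$1; dvr=$2; shift 2
    syn='tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
    case $mode in
        all)      base="host $dvr" ;;
        inbound)  base="dst host $dvr and $syn" ;;
        outbound) base="src host $dvr and $syn" ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    skip=$(exclude_known "$@")
    printf '%s\n' "$base${skip:+ and $skip}"
}

# Capture headers only (-s 96), skip name lookups (-n) and start a new
# file every hour (-G 3600) so no single log grows without bound.
log_dvr_traffic() {
    iface=$1; mode=${2:-all}
    # KNOWN_GOOD is left unquoted on purpose: one argument per host.
    filter=$(build_filter "$mode" "$DVR_IP" $KNOWN_GOOD) || return 1
    tcpdump -n -i "$iface" -s 96 -G 3600 \
        -w "dvr-$mode-%Y%m%d-%H.pcap" "$filter"
}
```

Run `log_dvr_traffic eth0 outbound` as root on a machine that can see the DVR's traffic (the DVR itself or a mirrored switch port); the interface name is an assumption.
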
Thomas (Posted November 30, 2005)

In this case it was a home PC rather than a corporate PC. And parents can install a keylogger/proxy/whatever to monitor the kids. Children have no right to privacy. But in the case I cited it was a wife who did it to the husband.

When it comes to networking and computers, the law hasn't caught up to it yet. Juries hear "hacker" and something they don't understand ... and you do the math.

Jasper (Posted November 30, 2005)

You're right about the law and the internet, they have been playing catch up since the beginning. What has the world come to when you can't spy on your wife or husband? This should be an inalienable right.

rory (Posted November 30, 2005)

A whole bunch of ports ... 1026, 1027, 2, 1433, 6346, 3306, 1031, and 80, just from the latest log.

It's a whole bunch of IP addresses, which I tried, but can't trace completely, though one of them took me to an asian site. No biggie as I'm in stealth mode, no ports open, it's just the point that I'm getting them, perhaps that is affecting my download speed ..

VST_Man (Posted November 30, 2005)

I use http://www.softpedia.com/get/Network-Tools/Network-Information/XNetStat-Professional.shtml

Keeps a log and allows you to kill connections, trace, and block.

rory (Posted November 30, 2005)

My router is blocking them though ... just want to do some serious traces on these IPs so I can email their ISP. Google uses a lot of ports .. traced their IP as one in the list .. weird ..

Edited November 30, 2005 by Guest

Jasper (Posted November 30, 2005)

Let me know if you get anywhere with an ISP. My understanding is that it is a waste of time as there are constant scans on everybody's computers. Most of it is harmless. But unless you can prove someone's intentions were bad, which is damn near impossible, you really aren't going to get anywhere. In the U.S. anyway. If I am wrong someone please correct me. As I would like to contact my ISP or somebody else's to try and stop unwanted network traffic.

It's just like leaving your front door open and not expecting any bugs to come in. You have to keep the screen closed. The problem with networks is there are so many screens.

Thanks for the recommendations on the software guys. I will be checking them out.

Thomas (Posted November 30, 2005)

Most of those machines, Rory, are simply infected and trying to spread. Proving intent is really hard.

An example: My wife had a friend whose machine is acting up. She asks me to try to do a remote diagnostic. So I run NMAP and look for open ports as part of it (from my end) and of course Norton Firewall goes insane. So she freaks. Was my intent harmful? Hell no. Did she think it was? Yes. Because Norton sees port scanning as a virus attack.

steve6690 (Posted November 30, 2005)

> Only going to sniff my own network traffic. I want to have a log of traffic coming to or leaving the DVR for that very reason. A simple network traffic logger is all I am looking for. I don't need anything else other than a record of network traffic.

http://www.paessler.com/

I use prtg free version on my home pc. It seems to do a lot of stuff..

G22 (Posted November 30, 2005)

3306 is mysql and 80 is http. Not sure what 1026 and 1027 are though. We get a ton of those daily as well. We get a ton of ping blocks as well (8/0).

Thomas (Posted November 30, 2005)

MS Messenger (the lan admin tool, not the MSN Messenger)

rory (Posted December 1, 2005)

Yeah, I don't have either of those, guess they are just out looking for it ..