Question on getting port scanned.

[fuzeman]

I don't really know if this is a problem or a usual thing for them to do, them being Level3 Communications. I notice they are usually the only one to port scan me and I've come to believe it is hurting the stability of my connection. When I loose vox and I relog, it seems to coincide with a port scan by Level3.
I use Sygate personal firewall and keep it on when I play, even though I don't really 'need' it being I use Earthlink dialup. I want that little bit of security though. Here is a pingplot of my 'usual' connection and after that the text that Sygate logs into my security log. Am I worrying about nothing or is something going on?



Time:   9/15/04 1:26:01 AM   
Security Type:   Port Scan   
Severity:   Minor   
Direction:   Incoming   
Protocol:   TCP   
Remote Host:   4.156.159.215   
Remote MAC:   20-53-52-43-00-00   
Local Host:   4.156.162.173   
Local MAC:   44-45-53-54-00-00   
User Name:   Dave   
Domain:   WORKGROUP   
Security:   Normal   
Occurances:   1   
Begin Time:   9/15/04 1:24:59 AM   
End Time:   9/15/04 1:24:59 AM

Somebody is scanning your computer.
 Your computer's TCP ports:
 445, 2745, 5000,  and 3140 have been scanned from 4.156.159.215..

The following is what I receive when I do a 'backtrace' and a 'Who is this?'

OrgName:    Level 3 Communications, Inc.
OrgID:      LVLT
Address:    1025 Eldorado Blvd.
City:       Broomfield
StateProv:  CO
PostalCode: 80021
Country:    US

NetRange:   4.0.0.0 - 4.255.255.255
CIDR:       4.0.0.0/8
NetName:    LVLT-ORG-4-8
NetHandle:  NET-4-0-0-0-1
Parent:    
NetType:    Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment:    
RegDate:    
Updated:    2004-06-04

OrgAbuseHandle: APL8-ARIN
OrgAbuseName:   Abuse POC LVLT
OrgAbusePhone:  +1-877-453-8353
OrgAbuseEmail:  abuse@level3.com

OrgTechHandle: TPL1-ARIN
OrgTechName:   Tech POC LVLT
OrgTechPhone:  +1-877-453-8353
OrgTechEmail:  ipaddressing@level3.com

OrgTechHandle: ARINC4-ARIN
OrgTechName:   ARIN Contact
OrgTechPhone:  +1-800-436-8489
OrgTechEmail:  arin-contact@genuity.com

# ARIN WHOIS database, last updated 2004-09-14 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

[llama]

I have a static IP address at home via DSL, so I get portscanned all the time. I keep a hardware firewall between my computers, my server (http://www.warrenernst.com/), and the Net at large, and I don't really worry about it, because the systems are as updated as possible.

That said, whoever is scanning you must surely know that you have a dialup connection, and as such, are not that attractive a target. Provided your antispyware, antivirus, and systyem patchs are all up to date, AND that you aren't doing Windows Sharing of your hard drive without passwords, you really aren't a target.

A thought comes to mind that perhaps it is not the portscan per se that is causing the hangups, but Sygate's reaction to the portscan that is messing up your machine. If I were you, I would make sure the system is up to date, and then DISABLE Sygate and see if portscans kick you off.

If you are really hot on software firewalls (and I am not), you might try some other vendor's software firewall product and see if you get the same hangup.

-Llama

[DAVENRINO]

I have been using Sygate almost three years now while playing AH both on dialup from Guam and cable/DSL through a router in Hawaii.  Sygate has never caused me any problems while playing AH or any other game.  I am not sure if I am being scanned or not because I have disabled alerts and logging. I do turn off Norton on both machines while playing online.

[la7'sRule]

kerio personal firewall Works wonders and is free.

also you may wanna find a program called unpnp.
some port scans look for your internetpnp availabilaty n use it to hack your pc

have a look at these low level and medium level scans that kerio has stoped.

let alone the high level attacks.


Notice the highlited port scan in low level intrusions.... most fire walls will permit low level itrusions.. Only reason i didnt loose controll of my pc to a hacker is Due to dissableing my pnp With the above mentyioned program Unpnp. made by the same people who made Shoot the messenger (great for stoping xp's messenger service popups)

here are some screen dumps

LOW LEVEL



medium Level




HIGH RISK!

[DAVENRINO]

Kerio is also a good free solution, and those other little security apps written by Steve Gibson work well if you are not comfortable with turning off those Services yourself.  I am sure Sygate is constantly stopping probes on my dialup machine, but I don't feel the need to know about it as long as it works.  Of course Sygate is only a backup to my hardware firewall on my cable connection.  It has alerted me to a couple spyware apps trying to send info outbound.  I don't get that very often since I regularly use AdsGone, SpywareBlaster, AdAware, and Spybot.

[la7'sRule]

apart from spy bot those spy ware programs suck.
pestpatroll is only 1 i use.

spy bot finds 90% of pests. adaware60% and the rest even less. pest patroll gets all 100%

With regular updates. But im afraid it wil cost you real money