My PC did a port scan. Is this OK?

  • Thread starter Thread starter Michael Taylor
  • Start date Start date
M

Michael Taylor

My DSL router, which has a firewall, sent me some emails saying it detected
a port scan attack from my PC to address 69.28.159.9 on port 80. The ports
used on my PC were 3228, 3255, 3316, 3317, 3227, 3229, 3256 and 3318. I did
a traceroute to the address but it doesn't resolve to a recognizable host
name. All I know is the destination IP is in the US. I used Port Explorer
right away but any process that had those ports open is gone so I don't know
what it was that was doing the scan.

5 22ms 21ms 21ms [195.66.224.167] cr02.ldn01.pccwbtn.net
6 97ms 96ms 96ms [63.216.0.86] pos1-0.cr02.ash01.pccwbtn.net
7 95ms 97ms 97ms [63.218.94.10] ge0-3-0-8.jr1.iad.llnw.net
8 95ms 97ms 97ms [69.28.159.9]

69.28.159.9 is 8 hops away
Trace Complete
----------------------------------------------------------------------------
----------


My AV software is upto date, I regularly use Spybot to clean up junk, i'm
behind a NAT router with an SPI firewall. I use Windows XP Pro, with SP1 and
all critical updates installed. Should I be worried about this?

Thanks
 
A hacker was trying to scan your computer to possibly
plant some viruses or trojan horses on your computer. Run
a virus scan and get yourself a firewall program.
Norton's cost about $50 but you can get some off the
internet for free. zonelabs.com offers a good one for
free. The firewall program that comes with XP is
worthless. Don't even bother with it. Hackers are always
looking for computers to plant their spamware utilites on
or to use your computer as a zombie to send out viruses or
spam.
 
Hi Gerry,
It was my PC doing the port scan, not the other way around. I have a
hardware stateful inspection firewall protecting my home network. It was
this firewall that detected my PC doing the portscan to another IP address
in the US. Since I have a hardware firewall in place I don't need a software
firewall on my PC. What I'd really like to do is figure out what component
on my PC tried to do the portscan.
Thanks
Mike

Gerry said:
A hacker was trying to scan your computer to possibly
plant some viruses or trojan horses on your computer. Run
a virus scan and get yourself a firewall program.
Norton's cost about $50 but you can get some off the
internet for free. zonelabs.com offers a good one for
free. The firewall program that comes with XP is
worthless. Don't even bother with it. Hackers are always
looking for computers to plant their spamware utilites on
or to use your computer as a zombie to send out viruses or
spam.

-----Original Message-----
My DSL router, which has a firewall, sent me some emails saying it detected
a port scan attack from my PC to address 69.28.159.9 on port 80. The ports
used on my PC were 3228, 3255, 3316, 3317, 3227, 3229, 3256 and 3318. I did
a traceroute to the address but it doesn't resolve to a recognizable host
name. All I know is the destination IP is in the US. I used Port Explorer
right away but any process that had those ports open is gone so I don't know
what it was that was doing the scan.

5 22ms 21ms 21ms [195.66.224.167] cr02.ldn01.pccwbtn.net
6 97ms 96ms 96ms [63.216.0.86] pos1- 0.cr02.ash01.pccwbtn.net
7 95ms 97ms 97ms [63.218.94.10] ge0-3-0- 8.jr1.iad.llnw.net
8 95ms 97ms 97ms [69.28.159.9]

69.28.159.9 is 8 hops away
Trace Complete
---------------------------------------------------------- ------------------
----------


My AV software is upto date, I regularly use Spybot to clean up junk, i'm
behind a NAT router with an SPI firewall. I use Windows XP Pro, with SP1 and
all critical updates installed. Should I be worried about this?

Thanks


.
 
I don't follow. You connected to port 80 at 69.28.159.9? Connecting to one
port doesn't really indicate a port scan attack.
--

Ken Wickes [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


Michael Taylor said:
Hi Gerry,
It was my PC doing the port scan, not the other way around. I have a
hardware stateful inspection firewall protecting my home network. It was
this firewall that detected my PC doing the portscan to another IP address
in the US. Since I have a hardware firewall in place I don't need a software
firewall on my PC. What I'd really like to do is figure out what component
on my PC tried to do the portscan.
Thanks
Mike

Gerry said:
A hacker was trying to scan your computer to possibly
plant some viruses or trojan horses on your computer. Run
a virus scan and get yourself a firewall program.
Norton's cost about $50 but you can get some off the
internet for free. zonelabs.com offers a good one for
free. The firewall program that comes with XP is
worthless. Don't even bother with it. Hackers are always
looking for computers to plant their spamware utilites on
or to use your computer as a zombie to send out viruses or
spam.

-----Original Message-----
My DSL router, which has a firewall, sent me some emails saying it detected
a port scan attack from my PC to address 69.28.159.9 on port 80. The ports
used on my PC were 3228, 3255, 3316, 3317, 3227, 3229, 3256 and 3318. I did
a traceroute to the address but it doesn't resolve to a recognizable host
name. All I know is the destination IP is in the US. I used Port Explorer
right away but any process that had those ports open is gone so I don't know
what it was that was doing the scan.

5 22ms 21ms 21ms [195.66.224.167] cr02.ldn01.pccwbtn.net
6 97ms 96ms 96ms [63.216.0.86] pos1- 0.cr02.ash01.pccwbtn.net
7 95ms 97ms 97ms [63.218.94.10] ge0-3-0- 8.jr1.iad.llnw.net
8 95ms 97ms 97ms [69.28.159.9]

69.28.159.9 is 8 hops away
Trace Complete
---------------------------------------------------------- ------------------
----------


My AV software is upto date, I regularly use Spybot to clean up junk, i'm
behind a NAT router with an SPI firewall. I use Windows XP Pro, with SP1 and
all critical updates installed. Should I be worried about this?

Thanks


.
 
Back
Top