Re: How to prevent other PC from scanning my machine?
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 09/30/04
Date: Thu, 30 Sep 2004 14:22:26 -0500
In article <896f349.0409292147.334debdb@posting.google.com>, Dave wrote:
>I have Sygate installed on my PC and for the past two weeks someone has
>scanned my UDP ports every 1 or 2 minutes. Although Sygate reported that
>it blocked that traffic, it is still very annoying.
You are connected to the Internet. Sh1t happens. If you want to know
why, then you'll have to grab some books and start learning about
networking protocols.
>Question 1). Does someone know how to stop this scanning?
Well, the obvious answer is to disconnect the box. The second solution
in this case is to change ISPs. A more likely solution is to review the
configuration of your computer and see what is triggering this.
>The scanning PC/PCs IP addresses are:
>
>64.12.14.82
>64.12.14.81
>205.188.71.21
>205.188.71.22
>205.188.71.25
[compton ~]$ host 64.12.14.81
81.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache001.edns.aol.com
[compton ~]$ host 64.12.14.82
82.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache002.edns.aol.com
[compton ~]$ host 205.188.71.21
21.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache001.edns.aol.com
[compton ~]$ host 205.188.71.22
22.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache002.edns.aol.com
[compton ~]$ host 205.188.71.25
25.71.188.205.IN-ADDR.ARPA domain name pointer dtc-ispns1.ns.aol.com
[compton ~]$
Uhuh - and I'm going to guess that port 53 is involved.
>Sygate reported the remote MAC address is
>20-53-52-43-00-00
That's just a lie that your firewall is making up, because it's totally
clueless. MAC addresses are only found on the local wire - between you
and the router for example. In this case, the six bytes are ASCII, and
are the characters 'space', 'S', 'R', 'C', and two nulls.
>Question 2). Is anyone familiar with the above IP addresses?
Here's a hint:
>NNTP-Posting-Host: 172.175.230.171
You are with AOL - and those five addresses are name servers for internal
use. The likely reason you are seeing the traffic is because you are using
windoze, and it's trying to find who it can "share" your information with.
Remember that windoze is trying to give you all kinds of wonderful
"features" that the marketeers think you might need, but they also
recognize that configuring those would be too hard - so they turn this
stuff on by default. Aren't they nice?
>I back traced two of the above addresses,
I'm amazed that this "tool" didn't identify the hostname.
Old guy
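
The checks made in the reply above, as an added example that is not part of the original post: it builds the in-addr.arpa name that `host` queries, decodes the reported "MAC" bytes as ASCII, and labels firewall log lines that are UDP replies from the machine's own resolvers. The log format and the sample lines are constructed, and source port 53 is assumed, as the reply guesses.

```python
import ipaddress
import re

# Resolver addresses from the `host` output in the post (the user's ISP name servers).
RESOLVERS = {"64.12.14.81", "64.12.14.82", "205.188.71.21",
             "205.188.71.22", "205.188.71.25"}

# Constructed firewall log lines in a hypothetical format (not Sygate's own):
# proto src:sport -> dst:dport
SAMPLE_LOG = """\
UDP 64.12.14.82:53 -> 192.0.2.10:1034
UDP 205.188.71.25:53 -> 192.0.2.10:1036
UDP 198.51.100.7:4000 -> 192.0.2.10:137
"""

LINE = re.compile(r"(\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")

def ptr_name(ip):
    """Name that `host <ip>` looks up: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def mac_as_ascii(mac):
    """Return the MAC bytes as text if all are printable ASCII or NUL, else None."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if all(b == 0 or 0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None

def triage(line):
    """Label one log line as a resolver reply or as unexplained inbound traffic."""
    m = LINE.fullmatch(line.strip())
    if not m:
        return "unparsed"
    proto, src, sport, _dst, _dport = m.groups()
    if proto == "UDP" and sport == "53" and src in RESOLVERS:
        return "dns-reply-from-own-resolver"
    return "unexplained-inbound"

def report(log=SAMPLE_LOG):
    """Pair each source's reverse-lookup name with its triage label."""
    return [(ptr_name(LINE.fullmatch(l).group(2)), triage(l))
            for l in log.splitlines()]

if __name__ == "__main__":
    for name, label in report():
        print(f"{name:40} {label}")
    print(repr(mac_as_ascii("20-53-52-43-00-00")))
```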