Port Scanning

Archived from groups: comp.security.firewalls,comp.security.misc (More info?)

I'm on Telewest Blueyonder Broadband in the UK and reaquainted myself
with ZoneAlarm recently. Every ten seconds I was notified of some
port intrusion, some from Blueyonder IP's, some not. Telewest informs
me that their servers will port scan clients. Does this seem
reasonable? Most of the other port intrusions I presume are from
virus-hijacked computers?

Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
computer, I'd like to replace it with a much more reliable means of
security--a router. Does anyone have any opinions as to why a hardware
firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
idea than software firewall?

I know ZoneAlarm isn't the end all and be all of firewalls. I like
Norton's antivirus, maybe their Internet Security combo is decent?
Though ...it's still cheaper to buy the router!

Thanks for your opinions in advance.

Evan Joanette
ejoanett@hotmail.dot.com
6 answers Last reply
More about port scanning
  1. Archived from groups: comp.security.firewalls,comp.security.misc (More info?)

    I use two routers, an alpha shield which is connected to a watchguard
    firebox, and I use NIS on my system. I too use broadband and every so often
    my ISP servers scan, I'm given the option to allow or block, which I block.
    When I checked with my ISP they say it's sop.

    "Evan Joanette" <ejoanett@hotmail.com> wrote in message
    news:a69ed305.0407120326.1e23fbcd@posting.google.com...
    > I'm on Telewest Blueyonder Broadband in the UK and reaquainted myself
    > with ZoneAlarm recently. Every ten seconds I was notified of some
    > port intrusion, some from Blueyonder IP's, some not. Telewest informs
    > me that their servers will port scan clients. Does this seem
    > reasonable? Most of the other port intrusions I presume are from
    > virus-hijacked computers?
    >
    > Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
    > computer, I'd like to replace it with a much more reliable means of
    > security--a router. Does anyone have any opinions as to why a hardware
    > firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
    > idea than software firewall?
    >
    > I know ZoneAlarm isn't the end all and be all of firewalls. I like
    > Norton's antivirus, maybe their Internet Security combo is decent?
    > Though ...it's still cheaper to buy the router!
    >
    > Thanks for your opinions in advance.
    >
    > Evan Joanette
    > ejoanett@hotmail.dot.com
  2. Archived from groups: comp.security.firewalls,comp.security.misc (More info?)

    Hello,
    On your question about hardware firewalls; I use a Linksys router and find
    it very reliable. The only problem is it doesn't monitor / alert on outgoing
    traffic, so you don't get warned of spyware, etc that might phone home. I am
    looking to have the best of both worlds by having both router and software
    firewall. So far I've looked at Zonealarm (but this can't be configured to
    block outgoing traffic by ip address to block known ad servers) and Kerio
    (which is very configurable in what it can block, but unfortuantely also
    regularly crashed my computer).
    On your first point, I'm not sure I like the sound of a provider port
    scanning my system - but as you've probably gathered from my above comments
    I'm slightly paranoid!

    Hope these thoughts are helpful...

    "Evan Joanette" <ejoanett@hotmail.com> wrote in message
    news:a69ed305.0407120326.1e23fbcd@posting.google.com...
    > I'm on Telewest Blueyonder Broadband in the UK and reaquainted myself
    > with ZoneAlarm recently. Every ten seconds I was notified of some
    > port intrusion, some from Blueyonder IP's, some not. Telewest informs
    > me that their servers will port scan clients. Does this seem
    > reasonable? Most of the other port intrusions I presume are from
    > virus-hijacked computers?
    >
    > Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
    > computer, I'd like to replace it with a much more reliable means of
    > security--a router. Does anyone have any opinions as to why a hardware
    > firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
    > idea than software firewall?
    >
    > I know ZoneAlarm isn't the end all and be all of firewalls. I like
    > Norton's antivirus, maybe their Internet Security combo is decent?
    > Though ...it's still cheaper to buy the router!
    >
    > Thanks for your opinions in advance.
    >
    > Evan Joanette
    > ejoanett@hotmail.dot.com
  3. Archived from groups: comp.security.firewalls,comp.security.misc (More info?)

    I use D-Link router, and can block ports in there (block 135-139 btw) and
    Norton Firewall where you can chose incoming and outgoing.


    "Evan Joanette" <ejoanett@hotmail.com> wrote in message
    news:a69ed305.0407120326.1e23fbcd@posting.google.com...
    > I'm on Telewest Blueyonder Broadband in the UK and reaquainted myself
    > with ZoneAlarm recently. Every ten seconds I was notified of some
    > port intrusion, some from Blueyonder IP's, some not. Telewest informs
    > me that their servers will port scan clients. Does this seem
    > reasonable? Most of the other port intrusions I presume are from
    > virus-hijacked computers?
    >
    > Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
    > computer, I'd like to replace it with a much more reliable means of
    > security--a router. Does anyone have any opinions as to why a hardware
    > firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
    > idea than software firewall?
    >
    > I know ZoneAlarm isn't the end all and be all of firewalls. I like
    > Norton's antivirus, maybe their Internet Security combo is decent?
    > Though ...it's still cheaper to buy the router!
    >
    > Thanks for your opinions in advance.
    >
    > Evan Joanette
    > ejoanett@hotmail.dot.com
  4. Archived from groups: comp.security.firewalls,comp.security.misc (More info?)

    As a rule all anti-virus, spyware and firewall protection systems need to be
    installed on a clean system. Most of the problems that I have had to solve
    were those on systems of up time more than 60 days


    ******************************************************************
    "ac" <alastair$$chadwick@virgin.net> wrote in message
    news:2lyIc.234$VH2.110@newsfe4-gui.ntli.net...
    > Hello,
    > On your question about hardware firewalls; I use a Linksys router and find
    > it very reliable. The only problem is it doesn't monitor / alert on
    outgoing
    > traffic, so you don't get warned of spyware, etc that might phone home. I
    am
    > looking to have the best of both worlds by having both router and software
    > firewall. So far I've looked at Zonealarm (but this can't be configured to
    > block outgoing traffic by ip address to block known ad servers) and Kerio
    > (which is very configurable in what it can block, but unfortuantely also
    > regularly crashed my computer).
    > On your first point, I'm not sure I like the sound of a provider port
    > scanning my system - but as you've probably gathered from my above
    comments
    > I'm slightly paranoid!
    >
    > Hope these thoughts are helpful...
    >
    > "Evan Joanette" <ejoanett@hotmail.com> wrote in message
    > news:a69ed305.0407120326.1e23fbcd@posting.google.com...
    > > I'm on Telewest Blueyonder Broadband in the UK and reaquainted myself
    > > with ZoneAlarm recently. Every ten seconds I was notified of some
    > > port intrusion, some from Blueyonder IP's, some not. Telewest informs
    > > me that their servers will port scan clients. Does this seem
    > > reasonable? Most of the other port intrusions I presume are from
    > > virus-hijacked computers?
    > >
    > > Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
    > > computer, I'd like to replace it with a much more reliable means of
    > > security--a router. Does anyone have any opinions as to why a hardware
    > > firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
    > > idea than software firewall?
    > >
    > > I know ZoneAlarm isn't the end all and be all of firewalls. I like
    > > Norton's antivirus, maybe their Internet Security combo is decent?
    > > Though ...it's still cheaper to buy the router!
    > >
    > > Thanks for your opinions in advance.
    > >
    > > Evan Joanette
    > > ejoanett@hotmail.dot.com
    >
    >
  5. Archived from groups: comp.security.firewalls,comp.security.misc (More info?)

    A router AND firewall software... quite the combo. There are some
    things that the software does that I didn't realize the router didn't
    always do.

    Unfortunately, it sounds like there's a fair number of system crashes
    blamed on firewall software, and now I've experienced it. But now that
    I realize there are so many port intrusions on my machine, I need some
    security.

    My last router was an SMC Barricade, but I really like the Linksys.
    Doubt I'll change my mind on that.
  6. Archived from groups: comp.security.firewalls,comp.security.misc (More info?)

    "Evan Joanette" <ejoanett@hotmail.com> wrote in message
    news:a69ed305.0407120326.1e23fbcd@posting.google.com...
    > I'm on Telewest Blueyonder Broadband in the UK and reaquainted myself
    > with ZoneAlarm recently. Every ten seconds I was notified of some
    > port intrusion, some from Blueyonder IP's, some not. Telewest informs
    > me that their servers will port scan clients. Does this seem
    > reasonable? Most of the other port intrusions I presume are from
    > virus-hijacked computers?
    >
    > Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
    > computer, I'd like to replace it with a much more reliable means of
    > security--a router. Does anyone have any opinions as to why a hardware
    > firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
    > idea than software firewall?
    >
    > I know ZoneAlarm isn't the end all and be all of firewalls. I like
    > Norton's antivirus, maybe their Internet Security combo is decent?
    > Though ...it's still cheaper to buy the router!
    >
    > Thanks for your opinions in advance.
    >
    > Evan Joanette
    > ejoanett@hotmail.dot.com

    First of all, be aware the a lot of operations that seem like intrusions/pot
    scans are actually fully legal requests that are considered intruison
    because of some minor modifications in timeouts of all kinds, or the number
    of requests per minute and so on. Some IDS tools be default will alarm you
    of intrusion detection which will be some legal NetBIOS request , for
    example. (TCP ports 135, 138 & 139)
Ask a new question

Read More

Firewalls Security Networking