Port Scanning

Guest
Archived from groups: comp.security.firewalls,comp.security.misc

I'm on Telewest Blueyonder Broadband in the UK and reacquainted myself
with ZoneAlarm recently. Every ten seconds I was notified of some
port intrusion, some from Blueyonder IP's, some not. Telewest informs
me that their servers will port scan clients. Does this seem
reasonable? Most of the other port intrusions I presume are from
virus-hijacked computers?

Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
computer, I'd like to replace it with a much more reliable means of
security--a router. Does anyone have any opinions as to why a hardware
firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
idea than software firewall?

I know ZoneAlarm isn't the end all and be all of firewalls. I like
Norton's antivirus, maybe their Internet Security combo is decent?
Though ...it's still cheaper to buy the router!

Thanks for your opinions in advance.

Evan Joanette
ejoanett@hotmail.dot.com
 
Guest
Archived from groups: comp.security.firewalls,comp.security.misc

I use two routers, an AlphaShield which is connected to a WatchGuard
Firebox, and I use NIS on my system. I too use broadband and every so often
my ISP servers scan, I'm given the option to allow or block, which I block.
When I checked with my ISP they say it's SOP.

"Evan Joanette" <ejoanett@hotmail.com> wrote in message
news:a69ed305.0407120326.1e23fbcd@posting.google.com...
> I'm on Telewest Blueyonder Broadband in the UK and reacquainted myself
> with ZoneAlarm recently. Every ten seconds I was notified of some
> port intrusion, some from Blueyonder IP's, some not. Telewest informs
> me that their servers will port scan clients. Does this seem
> reasonable? Most of the other port intrusions I presume are from
> virus-hijacked computers?
>
> Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
> computer, I'd like to replace it with a much more reliable means of
> security--a router. Does anyone have any opinions as to why a hardware
> firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
> idea than software firewall?
>
> I know ZoneAlarm isn't the end all and be all of firewalls. I like
> Norton's antivirus, maybe their Internet Security combo is decent?
> Though ...it's still cheaper to buy the router!
>
> Thanks for your opinions in advance.
>
> Evan Joanette
> ejoanett@hotmail.dot.com
 

AC
Archived from groups: comp.security.firewalls,comp.security.misc

Hello,
On your question about hardware firewalls; I use a Linksys router and find
it very reliable. The only problem is it doesn't monitor / alert on outgoing
traffic, so you don't get warned of spyware, etc. that might phone home. I am
looking to have the best of both worlds by having both router and software
firewall. So far I've looked at ZoneAlarm (but this can't be configured to
block outgoing traffic by IP address to block known ad servers) and Kerio
(which is very configurable in what it can block, but unfortunately also
regularly crashed my computer).
On your first point, I'm not sure I like the sound of a provider port
scanning my system - but as you've probably gathered from my above comments
I'm slightly paranoid!

Hope these thoughts are helpful...

"Evan Joanette" <ejoanett@hotmail.com> wrote in message
news:a69ed305.0407120326.1e23fbcd@posting.google.com...
> I'm on Telewest Blueyonder Broadband in the UK and reacquainted myself
> with ZoneAlarm recently. Every ten seconds I was notified of some
> port intrusion, some from Blueyonder IP's, some not. Telewest informs
> me that their servers will port scan clients. Does this seem
> reasonable? Most of the other port intrusions I presume are from
> virus-hijacked computers?
>
> Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
> computer, I'd like to replace it with a much more reliable means of
> security--a router. Does anyone have any opinions as to why a hardware
> firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
> idea than software firewall?
>
> I know ZoneAlarm isn't the end all and be all of firewalls. I like
> Norton's antivirus, maybe their Internet Security combo is decent?
> Though ...it's still cheaper to buy the router!
>
> Thanks for your opinions in advance.
>
> Evan Joanette
> ejoanett@hotmail.dot.com
 
Guest
Archived from groups: comp.security.firewalls,comp.security.misc

I use a D-Link router, and can block ports in there (block 135-139 btw) and
Norton Firewall where you can choose incoming and outgoing.


"Evan Joanette" <ejoanett@hotmail.com> wrote in message
news:a69ed305.0407120326.1e23fbcd@posting.google.com...
> I'm on Telewest Blueyonder Broadband in the UK and reacquainted myself
> with ZoneAlarm recently. Every ten seconds I was notified of some
> port intrusion, some from Blueyonder IP's, some not. Telewest informs
> me that their servers will port scan clients. Does this seem
> reasonable? Most of the other port intrusions I presume are from
> virus-hijacked computers?
>
> Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
> computer, I'd like to replace it with a much more reliable means of
> security--a router. Does anyone have any opinions as to why a hardware
> firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
> idea than software firewall?
>
> I know ZoneAlarm isn't the end all and be all of firewalls. I like
> Norton's antivirus, maybe their Internet Security combo is decent?
> Though ...it's still cheaper to buy the router!
>
> Thanks for your opinions in advance.
>
> Evan Joanette
> ejoanett@hotmail.dot.com
 
Guest
Archived from groups: comp.security.firewalls,comp.security.misc

As a rule all anti-virus, spyware and firewall protection systems need to be
installed on a clean system. Most of the problems that I have had to solve
were those on systems of uptime more than 60 days.


******************************************************************
"ac" <alastair$$chadwick@virgin.net> wrote in message
news:2lyIc.234$VH2.110@newsfe4-gui.ntli.net...
> Hello,
> On your question about hardware firewalls; I use a Linksys router and find
> it very reliable. The only problem is it doesn't monitor / alert on outgoing
> traffic, so you don't get warned of spyware, etc. that might phone home. I am
> looking to have the best of both worlds by having both router and software
> firewall. So far I've looked at ZoneAlarm (but this can't be configured to
> block outgoing traffic by IP address to block known ad servers) and Kerio
> (which is very configurable in what it can block, but unfortunately also
> regularly crashed my computer).
> On your first point, I'm not sure I like the sound of a provider port
> scanning my system - but as you've probably gathered from my above comments
> I'm slightly paranoid!
>
> Hope these thoughts are helpful...
>
> "Evan Joanette" <ejoanett@hotmail.com> wrote in message
> news:a69ed305.0407120326.1e23fbcd@posting.google.com...
> > I'm on Telewest Blueyonder Broadband in the UK and reacquainted myself
> > with ZoneAlarm recently. Every ten seconds I was notified of some
> > port intrusion, some from Blueyonder IP's, some not. Telewest informs
> > me that their servers will port scan clients. Does this seem
> > reasonable? Most of the other port intrusions I presume are from
> > virus-hijacked computers?
> >
> > Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
> > computer, I'd like to replace it with a much more reliable means of
> > security--a router. Does anyone have any opinions as to why a hardware
> > firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
> > idea than software firewall?
> >
> > I know ZoneAlarm isn't the end all and be all of firewalls. I like
> > Norton's antivirus, maybe their Internet Security combo is decent?
> > Though ...it's still cheaper to buy the router!
> >
> > Thanks for your opinions in advance.
> >
> > Evan Joanette
> > ejoanett@hotmail.dot.com
>
>
 
Guest
Archived from groups: comp.security.firewalls,comp.security.misc

A router AND firewall software... quite the combo. There are some
things that the software does that I didn't realize the router didn't
always do.

Unfortunately, it sounds like there's a fair number of system crashes
blamed on firewall software, and now I've experienced it. But now that
I realize there are so many port intrusions on my machine, I need some
security.

My last router was an SMC Barricade, but I really like the Linksys.
Doubt I'll change my mind on that.
 
Guest
Archived from groups: comp.security.firewalls,comp.security.misc

"Evan Joanette" <ejoanett@hotmail.com> wrote in message
news:a69ed305.0407120326.1e23fbcd@posting.google.com...
> I'm on Telewest Blueyonder Broadband in the UK and reacquainted myself
> with ZoneAlarm recently. Every ten seconds I was notified of some
> port intrusion, some from Blueyonder IP's, some not. Telewest informs
> me that their servers will port scan clients. Does this seem
> reasonable? Most of the other port intrusions I presume are from
> virus-hijacked computers?
>
> Furthermore, as ZoneAlarm has this nasty side-effect of crashing my
> computer, I'd like to replace it with a much more reliable means of
> security--a router. Does anyone have any opinions as to why a hardware
> firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better
> idea than software firewall?
>
> I know ZoneAlarm isn't the end all and be all of firewalls. I like
> Norton's antivirus, maybe their Internet Security combo is decent?
> Though ...it's still cheaper to buy the router!
>
> Thanks for your opinions in advance.
>
> Evan Joanette
> ejoanett@hotmail.dot.com

First of all, be aware that a lot of operations that seem like intrusions/port
scans are actually fully legal requests that are considered intrusions
because of some minor modifications in timeouts of all kinds, or the number
of requests per minute and so on. Some IDS tools by default will alarm you
of intrusion detection which will be some legal NetBIOS request, for
example. (TCP ports 135, 138 & 139)
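
Added example (not part of any post in this thread): one way to triage the blocked-inbound alerts discussed above, separating a source that sweeps many ports in a short time from isolated hits on the 135-139 range the thread mentions. The event layout, addresses, time window and port threshold are assumptions constructed for illustration, not any product's log format.

```python
from collections import defaultdict

# Constructed sample of blocked-inbound events: (seconds, source IP, protocol, dest port).
# Addresses come from documentation ranges; the layout is hypothetical.
SAMPLE_EVENTS = [
    (0,  "192.0.2.10",   "UDP", 137),
    (4,  "192.0.2.10",   "UDP", 138),
    (9,  "192.0.2.10",   "TCP", 139),
    (12, "198.51.100.7", "TCP", 21),
    (12, "198.51.100.7", "TCP", 22),
    (13, "198.51.100.7", "TCP", 23),
    (13, "198.51.100.7", "TCP", 25),
    (14, "198.51.100.7", "TCP", 80),
    (14, "198.51.100.7", "TCP", 443),
    (30, "203.0.113.5",  "TCP", 135),
    (95, "203.0.113.5",  "TCP", 445),
]

NETBIOS_PORTS = set(range(135, 140))  # the 135-139 range mentioned in the thread


def triage(events, window=60, port_threshold=5):
    """Label each source as 'scan', 'netbios-noise' or 'isolated'.

    A source is a 'scan' when it touches at least port_threshold distinct
    ports inside any window-second span (both defaults are assumptions).
    """
    by_source = defaultdict(list)
    for ts, src, _proto, port in events:
        by_source[src].append((ts, port))

    verdicts = {}
    for src, hits in by_source.items():
        hits.sort()
        widest = 0
        for i, (start, _) in enumerate(hits):
            # Distinct ports seen in the window that opens at this event.
            ports = {p for t, p in hits[i:] if t - start <= window}
            widest = max(widest, len(ports))
        if widest >= port_threshold:
            verdicts[src] = "scan"
        elif all(p in NETBIOS_PORTS for _, p in hits):
            verdicts[src] = "netbios-noise"
        else:
            verdicts[src] = "isolated"
    return verdicts


if __name__ == "__main__":
    for source, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{source:15} {verdict}")
```

Lowering `port_threshold` shows how the same traffic flips from noise to "scan", which is the sensitivity effect the last post describes.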