Jump to content
Login new information ×
Login new information

Blocked TCP Port scanning attack

truemate

By truemate
in Security & Privacy Center

 Share

Recommended Posts

  • Replies 14
  • Views 1.9k
  • Created
  • Last Reply

Top Posters In This Topic

  • truemate

    6

  • loyal

    4

  • FreeRyde

    1

  • lordnsane

    1

Popular Days

Top Posters In This Topic

Popular Days

loyal

loyal

Posted
Posted

my eset always pop-ups this message "Blocked TCP Port scanning attack" .. its like 4/5 times weekly.. while surfing

5025187.png

5016995.png

whats this,something serious ?

i search one of that ip....

http://www.abuseipdb.com/report-history/204.93.154.194

are u using any port scanner or vpn

i have installed cyberghost,hotspot shield..

but seldom use them

may be hot spot using tcp scan.....uninstall it and try it

Link to comment
Share on other sites
truemate

truemate

Posted
  • Author
Posted

i have installed cyberghost,hotspot shield..

but seldom use them

may be hot spot using tcp scan.....uninstall it and try it

hmmm ok,, but do these port scan alerts is serious ?

Link to comment
Share on other sites
loyal

loyal

Posted
Posted

i have installed cyberghost,hotspot shield..

but seldom use them

may be hot spot using tcp scan.....uninstall it and try it

hmmm ok,, but do these port scan alerts is serious ?

may be if u have any other threat esc hot spot

Link to comment
Share on other sites
truemate

truemate

Posted
  • Author
Posted (edited)

may be hot spot using tcp scan.....uninstall it and try it

hmmm ok,, but do these port scan alerts is serious ?

may be if u have any other threat esc hot spot

from yesterday some weird thing happeing,my modem link/data transfer light keep on continuously blinking,,even though i wont using/surfing or downloading anything...Even i shutdown da pc but still it keeps on blinking...Just yesterday only it started,,from nearly a year using it...but never happens like this before.

I scan from eset,trojan killer,malwarebyte but nope all clean......

And i have also uninstall all vpn like hotspot,Steganos Online Shield,SecurityKISS Tunnel only Cyberghost is still there.

Edited by truemate
Link to comment
Share on other sites
lordnsane

lordnsane

Posted
Posted

hmm, are you using wifi router? from the looks of it, it seems that someone is connected to your network trying to hack into your system, port scanning is usually the beginning phase (nmap?), if yes, see in your router's configuration for any suspicious MAC address and block it.

If not using wifi, maybe a nasty virus in your system?

Link to comment
Share on other sites
iih1

iih1

Posted
Posted (edited)

@truemate

Don't give up!, I assume you are on ESS 7 like me, try this, change your ESS Firewall mode setup rules to Interactive.

and watch what it's done your TCP Blocked or NOT.

2nd option

-Inspect all app you have installed
-Clean install. ESS7 unistall ESS7 1st ( followed with eset uninstaller in safemode!)
-Reinstall ESS7
-Keep ESS in Default setting except these:
-Change ESS Firewall mode to Interactive.
-Change ESS HIPS mode to Interactive.
-Allow and remember setting as your need.
-Wait another replies.
3rd option simply, Back to EAV 7....?????

Good luck!

PS: My Torrent Client qBittorrent, Network LAN, Hub D-link, ADSL+Router TP-Link+Wifi, Host 11.

for illustration my Screenshot ESS 7 setup menu.

essetup.png

Edited by iih1
Link to comment
Share on other sites
loyal

loyal

Posted
Posted

may be hot spot using tcp scan.....uninstall it and try it

hmmm ok,, but do these port scan alerts is serious ?

may be if u have any other threat esc hot spot

from yesterday some weird thing happeing,my modem link/data transfer light keep on continuously blinking,,even though i wont using/surfing or downloading anything...Even i shutdown da pc but still it keeps on blinking...Just yesterday only it started,,from nearly a year using it...but never happens like this before.

I scan from eset,trojan killer,malwarebyte but nope all clean......

And i have also uninstall all vpn like hotspot,Steganos Online Shield,SecurityKISS Tunnel only Cyberghost is still there.

someone using ur router...or trying to hack check ur router setting

see connect devices and security type use wpa2 security and wps off

Link to comment
Share on other sites
truemate

truemate

Posted
  • Author
Posted (edited)

@truemate

Don't give up!, I assume you are on ESS 7 like me, try this, change your ESS Firewall mode setup rules to Interactive.

and watch what it's done your TCP Blocked or NOT.

Good luck!

thanks for the motivation :-) ... from tday morning i banging my head on this.. me fully tired but cant find any suspicious files.

nd yeah me in Ess 7 internet security......

That interactive mode means like this

5041406.png

even mine ESS 7setup menu is same like urs :d

5021941.png

and i dont use any torrentbit,utorrent etc

hmm, are you using wifi router? from the looks of it, it seems that someone is connected to your network trying to hack into your system, port scanning is usually the beginning phase (nmap?), if yes, see in your router's configuration for any suspicious MAC address and block it.

If not using wifi, maybe a nasty virus in your system?

nope its not wifi... common broadband modem

I have scan thru those above mention scanner,,but they wont detect anything.

p.s-

hey watz this "C:\Windows\System32\gatherNetworkInfo.vbs"

is this safe file

Edited by truemate
Link to comment
Share on other sites
mike.mt

mike.mt

Posted
Posted

p.s-

hey watz this "C:\Windows\System32\gatherNetworkInfo.vbs"

is this safe file

The gathernetworkinfo.vbs script comes by default with every Windows 7/8 installation and is located within the C:\Windows\System32\ folder.

The script does collect various networking information about the Windows system and its configuration and dumps the information into the C:\Windows\System32\Config folder.

Port scanning requests from external IP sources are a common occurrence & have been around since the invent of the internet. I get many of these each day showing they have been blocked in the firewall logs on the gateways of my corporate networks.

My suggestion would be to set the firewall rules in your modem to:-

Block ICMP traffic, or 'stealth' mode: ICMP is the protocol used most commonly by the PING program, which queries a given IP address and reports back if a computer answers. This program forms the basis for the myriad of 'scanner' programs freely available on the Internet. These scan a range of IP addresses for responding computers. The systems that answer back to the ICMP request are then targeted by the scanner for further, more intrusive measures to discover security weaknesses. If your firewall blocks ICMP traffic, your system is effectively invisible to casual Internet snoopers.

Block fragmented packets, anonymous requests, DOS attacks etc.

Disable remote administration.

At the end of the day it is always advisable to attempt to block all bad guys at the gateway of your internet connection rather than at an individual PC level.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...