Computer Security - How to prevent other PC from scanning my machine?
#1

Hi,

I am new here. I have Sygate installed on my PC and for the past two weeks someone has been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported it blocked that traffic, it is still very annoying.

Question 1). Does someone know how to stop this scanning?

The scanning PC/PCs IP addresses are:

64.12.14.82
64.12.14.81
205.188.71.21
205.188.71.22
205.188.71.25

Sygate reported the remote MAC address is
20-53-52-43-00-00

Question 2). Is anyone familiar with the above IP addresses?

I back traced two of the above addresses,

Detail Information of [64.12.14.81]

OrgName: America Online, Inc.
OrgID: AMERIC-158
Address: 10600 Infantry Ridge Road
City: Manassas
StateProv: VA
PostalCode: 20109
Country: US
NetRange: 64.12.0.0 - 64.12.255.255
CIDR: 64.12.0.0/16
NetName: AOL-MTC
NetHandle: NET-64-12-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: DNS-01.NS.AOL.COM
NameServer: DNS-02.NS.AOL.COM
Comment:
RegDate: 1999-12-13
Updated: 1999-12-16
TechHandle: AOL-NOC-ARIN
TechName: America Online, Inc.
TechPhone: +1-703-265-4670
TechEmail:
# ARIN WHOIS database, last updated 2004-09-28 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

And 205.188.71.22

OrgName: America Online, Inc
OrgID: AMERIC-59
Address: 22080 Pacific Blvd
City: Sterling
StateProv: VA
PostalCode: 20166
Country: US
NetRange: 205.188.0.0 - 205.188.255.255
CIDR: 205.188.0.0/16
NetName: AOL-DTC
NetHandle: NET-205-188-0-0-1
Parent: NET-205-0-0-0-0
NetType: Direct Assignment
NameServer: DNS-01.NS.AOL.COM
NameServer: DNS-02.NS.AOL.COM
Comment:
RegDate: 1998-04-18
Updated: 1998-04-27
TechHandle: AOL-NOC-ARIN
TechName: America Online, Inc.
TechPhone: +1-703-265-4670
TechEmail:
# ARIN WHOIS database, last updated 2004-09-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Need your help!

Thanks
Dave
#2

Posts: n/a

In article <>, yezh99@email.com says...
> I have Sygate installed on my PC and the past two weeks, someone scan
> my UDP ports every 1 or 2 minutes. Although Sygate reported blocked
> those traffic, but it still very annoying.
>
> Question 1). Does someone know how to stop those scanning?

There is no way you can prevent outsiders from scanning your external IP address, it's just what the internet is.

If you really want to be less accessible by others, get a Linksys NAT router and install it between your computer(s) and the internet connection. This will act as an inbound barrier device and block unsolicited connections at the NAT device - your PCs should never see the scans once it's installed.

--
(Remove 999 to reply to me)
Leythos
#3

Posts: n/a

In article <>, Dave wrote:
>I have Sygate installed on my PC and the past two weeks, someone scan
>my UDP ports every 1 or 2 minutes. Although Sygate reported blocked
>those traffic, but it still very annoying.

You are connected to the Internet. Sh1t happens. If you want to know why, then you'll have to grab some books and start learning about networking protocols.

>Question 1). Does someone know how to stop those scanning?

Well, the obvious answer is to disconnect the box. The second solution in this case is to change ISPs. A more likely solution is to review the configuration of your computer and see what is triggering this.

>The scanning PC/PCs IP addresses are:
>
>64.12.14.82
>64.12.14.81
>205.188.71.21
>205.188.71.22
>205.188.71.25

[compton ~]$ host 64.12.14.81
81.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache001.edns.aol.com
[compton ~]$ host 64.12.14.82
82.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache002.edns.aol.com
[compton ~]$ host 205.188.71.21
21.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache001.edns.aol.com
[compton ~]$ host 205.188.71.22
22.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache002.edns.aol.com
[compton ~]$ host 205.188.71.25
25.71.188.205.IN-ADDR.ARPA domain name pointer dtc-ispns1.ns.aol.com
[compton ~]$

Uhuh - and I'm going to guess that port 53 is involved.

>Sygate reported the remote MAC address is
>20-53-52-43-00-00

That's just a lie that your firewall is making up, because it's totally clueless. MAC addresses are only found on the local wire - between you and the router for example. In this case, the six bytes are ASCII, and are the characters 'space', 'S', 'R', 'C', and two nulls.

>Question 2). Does anyone familiar the above IP addresses?

Here's a hint:

>NNTP-Posting-Host: 172.175.230.171

You are with AOL - and those five addresses are name servers for internal use. The likely reason you are seeing the traffic is because you are using windoze, and it's trying to find who it can "share" your information with. Remember that windoze is trying to give you all kinds of wonderful "features" that the marketeers think you might need, but they also recognize that configuring those would be too hard - so they turn this stuff on by default. Aren't they nice?

>I back traced two of the above address,

I'm amazed that this "tool" didn't identify the hostname.

Old guy

Moe Trin
#4

Posts: n/a

With a Linksys Router, you can turn off the ICMP (PING) flag, and that prevents the PING command from functioning... Most people scan first using the PING command, and therefore makes you somewhat "Invisible". At least they have to try harder to scan your machine.

I also use hardware f/w, as that lets the Firewall get scanned, and not any of the internal machines.

My Watchguard SOHO box allows a SYSLOG to deliver a log that I can analyze... that way, you never see the intruder at your machine... just at the firewall.

KG6VQE
#5

Posts: n/a

Port 53 is the port for DNS Lookups, it's almost like a reply to a lookup. Ignore it, it is safe.

Jay
http://habaneronetworks.com

"Moe Trin" <> wrote in message news:...
> In article <>, Dave wrote:
> >I have Sygate installed on my PC and the past two weeks, someone scan
> >my UDP ports every 1 or 2 minutes. Although Sygate reported blocked
> >those traffic, but it still very annoying.
>
> You are connected to the Internet. Sh1t happens. If you want to know
> why, then you'll have to grab some books and start learning about
> networking protocols.
>
> >Question 1). Does someone know how to stop those scanning?
>
> Well, the obvious answer is to disconnect the box. The second solution
> in this case is to change ISPs. A more likely solution is to review the
> configuration of your computer and see what is triggering this.
>
> >The scanning PC/PCs IP addresses are:
> >
> >64.12.14.82
> >64.12.14.81
> >205.188.71.21
> >205.188.71.22
> >205.188.71.25
>
> [compton ~]$ host 64.12.14.81
> 81.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache001.edns.aol.com
> [compton ~]$ host 64.12.14.82
> 82.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache002.edns.aol.com
> [compton ~]$ host 205.188.71.21
> 21.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache001.edns.aol.com
> [compton ~]$ host 205.188.71.22
> 22.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache002.edns.aol.com
> [compton ~]$ host 205.188.71.25
> 25.71.188.205.IN-ADDR.ARPA domain name pointer dtc-ispns1.ns.aol.com
> [compton ~]$
>
> Uhuh - and I'm going to guess that port 53 is involved.
>
> >Sygate reported the remote MAC address is
> >20-53-52-43-00-00
>
> That's just a lie that your firewall is making up, because it's totally
> clueless. MAC addresses are only found on the local wire - between you
> and the router for example. In this case, the six bytes are ASCII, and
> are the characters 'space', 'S', 'R', 'C', and two nulls.
>
> >Question 2). Does anyone familiar the above IP addresses?
>
> Here's a hint:
>
> >NNTP-Posting-Host: 172.175.230.171
>
> You are with AOL - and those five addresses are name servers for internal
> use. The likely reason you are seeing the traffic is because you are using
> windoze, and it's trying to find who it can "share" your information with.
> Remember that windoze is trying to give you all kinds of wonderful
> "features" that the marketeers think you might need, but they also
> recognize that configuring those would be too hard - so they turn this
> stuff on by default. Aren't they nice?
>
> >I back traced two of the above address,
>
> I'm amazed that this "tool" didn't identify the hostname.
>
> Old guy

Jay Calvert
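Added example, not part of any post in this thread: a small triage script for the situation discussed in posts #3 and #5, separating blocked UDP packets that look like answers from the ISP's own name servers from a source that walks many ports, and decoding the odd "MAC" the way post #3 does. The PTR names are the ones quoted in the thread; the log line format, ports, timestamps and documentation-range addresses are constructed assumptions and not Sygate's real output.

```python
import re
from collections import defaultdict

# PTR names copied from the `host` output quoted in the thread.
PTR = {
    "64.12.14.81": "mtc-cache001.edns.aol.com",
    "64.12.14.82": "mtc-cache002.edns.aol.com",
    "205.188.71.21": "dtc-cache001.edns.aol.com",
    "205.188.71.22": "dtc-cache002.edns.aol.com",
    "205.188.71.25": "dtc-ispns1.ns.aol.com",
}
ISP_DNS_SUFFIXES = (".edns.aol.com", ".ns.aol.com")

# Constructed sample log. The line format, ports, timestamps and the
# 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are assumptions.
SAMPLE_LOG = """\
19:01:02 BLOCKED UDP 64.12.14.81:53 -> 203.0.113.5:1042 mac=20-53-52-43-00-00
19:02:40 BLOCKED UDP 205.188.71.22:53 -> 203.0.113.5:1047 mac=20-53-52-43-00-00
19:03:11 BLOCKED UDP 192.0.2.10:40000 -> 203.0.113.5:135 mac=00-11-22-33-44-55
19:03:11 BLOCKED UDP 192.0.2.10:40000 -> 203.0.113.5:137 mac=00-11-22-33-44-55
19:03:12 BLOCKED UDP 192.0.2.10:40000 -> 203.0.113.5:445 mac=00-11-22-33-44-55
19:05:00 BLOCKED UDP 198.51.100.7:53 -> 203.0.113.5:1050 mac=00-11-22-33-44-55
"""
LINE = re.compile(r"UDP (?P<src>[\d.]+):(?P<sport>\d+) -> [\d.]+:(?P<dport>\d+)")

def mac_as_ascii(mac):
    """Return the text a reported 'MAC' spells, or None if it is not ASCII."""
    raw = bytes.fromhex(mac.replace("-", "")).rstrip(b"\x00")
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None

def classify(log_text, scan_threshold=3):
    """Map each source IP to 'dns-reply', 'possible-scan' or 'unclassified'."""
    sports, dports = defaultdict(set), defaultdict(set)
    for m in LINE.finditer(log_text):
        sports[m["src"]].add(int(m["sport"]))
        dports[m["src"]].add(int(m["dport"]))
    verdicts = {}
    for src in sports:
        from_isp_dns = PTR.get(src, "").endswith(ISP_DNS_SUFFIXES)
        if sports[src] == {53} and from_isp_dns:
            verdicts[src] = "dns-reply"       # answer from the ISP's own resolver
        elif len(dports[src]) >= scan_threshold:
            verdicts[src] = "possible-scan"   # one source walking many ports
        else:
            verdicts[src] = "unclassified"    # too little evidence either way
    return verdicts

if __name__ == "__main__":
    print(repr(mac_as_ascii("20-53-52-43-00-00")), classify(SAMPLE_LOG))
```

A source port of 53 on its own is left unclassified because the sender chooses its source port; the verdict also requires the address to reverse-resolve into the ISP's name-server domains.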
#6

Posts: n/a

"KG6VQE" <info<nospam>@thecomputerdood.com> wrote in message news:<5T07d.22589$ .com>...
> With a Linksys Router, you can turn off the ICMP (PING) flag, and that
> prevents the PING command from functioning...Most people scan first using
> the PING command, and therefore makes you somewhat "Invisible". At least
> they have to try harder to scan your machine.
> I also use hardware f/w, as that lets the Firewall get scanned, and not any
> of the internal machines.
> My Watchguard SOHO box allows a SYSLOG to deliver a log that I can
> analyze...that way, you never see the intruder at your machine...just at the
> firewall.

Thanks Old guy and KG6VQE, it is very helpful!

Dave