Velocity Reviews - Computer Hardware Reviews

How to prevent other PCs from scanning my machine?

 
 
Dave
Guest
Posts: n/a
 
      09-30-2004
Hi,

I am new here.

I have Sygate installed on my PC, and for the past two weeks someone has
been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported
that it blocked the traffic, it is still very annoying.

Question 1). Does someone know how to stop this scanning?

The scanning PC/PCs' IP addresses are:

64.12.14.82
64.12.14.81
205.188.71.21
205.188.71.22
205.188.71.25

Sygate reported the remote MAC address is
20-53-52-43-00-00

Question 2). Is anyone familiar with the above IP addresses?

I back-traced two of the above addresses,

Detail Information of [64.12.14.81]

OrgName: America Online, Inc.
OrgID: AMERIC-158
Address: 10600 Infantry Ridge Road
City: Manassas
StateProv: VA
PostalCode: 20109
Country: US

NetRange: 64.12.0.0 - 64.12.255.255
CIDR: 64.12.0.0/16
NetName: AOL-MTC
NetHandle: NET-64-12-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: DNS-01.NS.AOL.COM
NameServer: DNS-02.NS.AOL.COM
Comment:
RegDate: 1999-12-13
Updated: 1999-12-16

TechHandle: AOL-NOC-ARIN
TechName: America Online, Inc.
TechPhone: +1-703-265-4670
TechEmail: (E-Mail Removed)

# ARIN WHOIS database, last updated 2004-09-28 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.



And 205.188.71.22

OrgName: America Online, Inc
OrgID: AMERIC-59
Address: 22080 Pacific Blvd
City: Sterling
StateProv: VA
PostalCode: 20166
Country: US

NetRange: 205.188.0.0 - 205.188.255.255
CIDR: 205.188.0.0/16
NetName: AOL-DTC
NetHandle: NET-205-188-0-0-1
Parent: NET-205-0-0-0-0
NetType: Direct Assignment
NameServer: DNS-01.NS.AOL.COM
NameServer: DNS-02.NS.AOL.COM
Comment:
RegDate: 1998-04-18
Updated: 1998-04-27

TechHandle: AOL-NOC-ARIN
TechName: America Online, Inc.
TechPhone: +1-703-265-4670
TechEmail: (E-Mail Removed)

# ARIN WHOIS database, last updated 2004-09-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Need your help!

Thanks
 
 
 
 
 
Leythos
Guest
Posts: n/a
 
      09-30-2004
In article <(E-Mail Removed)> , yezh99
@email.com says...
> I have Sygate installed on my PC, and for the past two weeks someone has
> been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported
> that it blocked the traffic, it is still very annoying.
>
> Question 1). Does someone know how to stop this scanning?


There is no way you can prevent outsiders from scanning your external IP
address; it's just what the internet is.

If you really want to be less accessible by others, get a Linksys NAT
router and install it between your computer(s) and the internet
connection. This will act as an inbound barrier device and block
unsolicited connections at the NAT device - your PCs should never see
the scans once it's installed.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
 
 
 
 
Moe Trin
Guest
Posts: n/a
 
      09-30-2004
In article <(E-Mail Removed)> , Dave wrote:
>I have Sygate installed on my PC, and for the past two weeks someone has
>been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported
>that it blocked the traffic, it is still very annoying.


You are connected to the Internet. Sh1t happens. If you want to know
why, then you'll have to grab some books and start learning about
networking protocols.

>Question 1). Does someone know how to stop this scanning?


Well, the obvious answer is to disconnect the box. The second solution
in this case is to change ISPs. A more likely solution is to review the
configuration of your computer and see what is triggering this.

>The scanning PC/PCs' IP addresses are:
>
>64.12.14.82
>64.12.14.81
>205.188.71.21
>205.188.71.22
>205.188.71.25


[compton ~]$ host 64.12.14.81
81.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache001.edns.aol.com
[compton ~]$ host 64.12.14.82
82.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache002.edns.aol.com
[compton ~]$ host 205.188.71.21
21.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache001.edns.aol.com
[compton ~]$ host 205.188.71.22
22.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache002.edns.aol.com
[compton ~]$ host 205.188.71.25
25.71.188.205.IN-ADDR.ARPA domain name pointer dtc-ispns1.ns.aol.com
[compton ~]$

Uhuh - and I'm going to guess that port 53 is involved.

>Sygate reported the remote MAC address is
>20-53-52-43-00-00


That's just a lie that your firewall is making up, because it's totally
clueless. MAC addresses are only found on the local wire - between you
and the router for example. In this case, the six bytes are ASCII, and
are the characters 'space', 'S', 'R', 'C', and two nulls.

>Question 2). Is anyone familiar with the above IP addresses?


Here's a hint:

>NNTP-Posting-Host: 172.175.230.171


You are with AOL - and those five addresses are name servers for internal
use. The likely reason you are seeing the traffic is because you are using
windoze, and it's trying to find who it can "share" your information with.
Remember that windoze is trying to give you all kinds of wonderful
"features" that the marketeers think you might need, but they also
recognize that configuring those would be too hard - so they turn this
stuff on by default. Aren't they nice?

>I back-traced two of the above addresses,


I'm amazed that this "tool" didn't identify the hostname.

Old guy
 
Reply With Quote
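Added example, not part of the post above: a Python sketch of the triage Moe Trin walks through, decoding the reported "MAC" as ASCII and sorting blocked packets by whether they look like DNS answers from the name servers he identified. The log record layout and the premise that the packets arrive from UDP source port 53 are assumptions; the PTR names are copied from the `host` output in the post.

```python
from collections import Counter

# PTR names copied from the `host` output quoted above.
RESOLVERS = {
    "64.12.14.81": "mtc-cache001.edns.aol.com",
    "64.12.14.82": "mtc-cache002.edns.aol.com",
    "205.188.71.21": "dtc-cache001.edns.aol.com",
    "205.188.71.22": "dtc-cache002.edns.aol.com",
    "205.188.71.25": "dtc-ispns1.ns.aol.com",
}

# Constructed blocked-packet records: (proto, src_ip, src_port, dst_port).
# This layout is hypothetical, not Sygate's log format; 198.51.100.7 is a
# documentation address standing in for an unrelated host.
SAMPLE_LOG = [
    ("udp", "64.12.14.81", 53, 1047),
    ("udp", "205.188.71.25", 53, 1052),
    ("udp", "205.188.71.22", 4000, 137),
    ("udp", "198.51.100.7", 53, 1060),
    ("tcp", "64.12.14.82", 53, 1033),
]

def mac_as_ascii(mac):
    """Render a dash-separated MAC as text, hex-escaping non-printable bytes."""
    raw = bytes(int(octet, 16) for octet in mac.split("-"))
    return "".join(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in raw)

def classify(proto, src_ip, src_port, dst_port):
    """Label one blocked packet by how plausibly it is a DNS answer."""
    # Assumption: a DNS answer is UDP from source port 53 to a client-side
    # (non-well-known) port. Anything else was not asked for by a lookup.
    if proto != "udp" or src_port != 53 or dst_port < 1024:
        return "unsolicited"
    # An answer from a resolver this host is known to use is routine noise.
    if src_ip in RESOLVERS:
        return "likely-dns-reply"
    # Port 53 traffic from a server the host never queried deserves a look.
    return "dns-reply-unknown-server"

def summarize(log):
    """Count blocked packets per label."""
    return Counter(classify(*record) for record in log)

if __name__ == "__main__":
    print(repr(mac_as_ascii("20-53-52-43-00-00")))
    for label, count in summarize(SAMPLE_LOG).items():
        print(f"{label}: {count}")
```
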
 
KG6VQE
Guest
Posts: n/a
 
      09-30-2004
With a Linksys Router, you can turn off the ICMP (PING) flag, and that
prevents the PING command from functioning... Most people scan first using
the PING command, and this therefore makes you somewhat "Invisible". At least
they have to try harder to scan your machine.
I also use hardware f/w, as that lets the Firewall get scanned, and not any
of the internal machines.
My Watchguard SOHO box allows a SYSLOG to deliver a log that I can
analyze...that way, you never see the intruder at your machine...just at the
firewall.


 
 
Jay Calvert
Guest
Posts: n/a
 
      10-01-2004
Port 53 is the port for DNS Lookups, it's almost like a reply to a lookup.
Ignore it, it is safe.

Jay
http://habaneronetworks.com





 
 
Dave
Guest
Posts: n/a
 
      10-01-2004
"KG6VQE" <info<nospam>@thecomputerdood.com> wrote in message news:<5T07d.22589$(E-Mail Removed) .com>...
> With a Linksys Router, you can turn off the ICMP (PING) flag, and that
> prevents the PING command from functioning... Most people scan first using
> the PING command, and this therefore makes you somewhat "Invisible". At least
> they have to try harder to scan your machine.
> I also use hardware f/w, as that lets the Firewall get scanned, and not any
> of the internal machines.
> My Watchguard SOHO box allows a SYSLOG to deliver a log that I can
> analyze...that way, you never see the intruder at your machine...just at the
> firewall.



Thanks Old guy and KG6VQE, it is very helpful!
 