How to prevent other PCs from scanning my machine?

Discussion in 'Computer Security' started by Dave, Sep 30, 2004.

  1. Dave

    Dave Guest

    Hi,

    I am new here.

    I have Sygate installed on my PC, and for the past two weeks someone has
    been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported
    that it blocked that traffic, it is still very annoying.

    Question 1). Does someone know how to stop this scanning?

    The scanning PC/PCs' IP addresses are:

    64.12.14.82
    64.12.14.81
    205.188.71.21
    205.188.71.22
    205.188.71.25

    Sygate reported the remote MAC address is
    20-53-52-43-00-00

    Question 2). Is anyone familiar with the above IP addresses?

    I back-traced two of the above addresses,

    Detail Information of [64.12.14.81]

    OrgName: America Online, Inc.
    OrgID: AMERIC-158
    Address: 10600 Infantry Ridge Road
    City: Manassas
    StateProv: VA
    PostalCode: 20109
    Country: US

    NetRange: 64.12.0.0 - 64.12.255.255
    CIDR: 64.12.0.0/16
    NetName: AOL-MTC
    NetHandle: NET-64-12-0-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS-01.NS.AOL.COM
    NameServer: DNS-02.NS.AOL.COM
    Comment:
    RegDate: 1999-12-13
    Updated: 1999-12-16

    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail:

    # ARIN WHOIS database, last updated 2004-09-28 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.



    And 205.188.71.22

    OrgName: America Online, Inc
    OrgID: AMERIC-59
    Address: 22080 Pacific Blvd
    City: Sterling
    StateProv: VA
    PostalCode: 20166
    Country: US

    NetRange: 205.188.0.0 - 205.188.255.255
    CIDR: 205.188.0.0/16
    NetName: AOL-DTC
    NetHandle: NET-205-188-0-0-1
    Parent: NET-205-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS-01.NS.AOL.COM
    NameServer: DNS-02.NS.AOL.COM
    Comment:
    RegDate: 1998-04-18
    Updated: 1998-04-27

    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail:

    # ARIN WHOIS database, last updated 2004-09-29 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Need your help!

    Thanks
    Dave, Sep 30, 2004
    #1

  2. Dave

    Leythos Guest

    In article <>, yezh99@email.com says...
    > I have Sygate installed on my PC, and for the past two weeks someone has
    > been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported
    > that it blocked that traffic, it is still very annoying.
    >
    > Question 1). Does someone know how to stop this scanning?


    There is no way you can prevent outsiders from scanning your external IP
    address; it's just what the internet is.

    If you really want to be less accessible by others, get a Linksys NAT
    router and install it between your computer(s) and the internet
    connection. This will act as an inbound barrier device and block
    unsolicited connections at the NAT device - your PCs should never see
    the scans once it's installed.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Sep 30, 2004
    #2

  3. Dave

    Moe Trin Guest

    In article <>, Dave wrote:
    >I have Sygate installed on my PC, and for the past two weeks someone has
    >been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported
    >that it blocked that traffic, it is still very annoying.


    You are connected to the Internet. Sh1t happens. If you want to know
    why, then you'll have to grab some books and start learning about
    networking protocols.

    >Question 1). Does someone know how to stop this scanning?


    Well, the obvious answer is to disconnect the box. The second solution
    in this case is to change ISPs. A more likely solution is to review the
    configuration of your computer and see what is triggering this.

    >The scanning PC/PCs' IP addresses are:
    >
    >64.12.14.82
    >64.12.14.81
    >205.188.71.21
    >205.188.71.22
    >205.188.71.25


    [compton ~]$ host 64.12.14.81
    81.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache001.edns.aol.com
    [compton ~]$ host 64.12.14.82
    82.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache002.edns.aol.com
    [compton ~]$ host 205.188.71.21
    21.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache001.edns.aol.com
    [compton ~]$ host 205.188.71.22
    22.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache002.edns.aol.com
    [compton ~]$ host 205.188.71.25
    25.71.188.205.IN-ADDR.ARPA domain name pointer dtc-ispns1.ns.aol.com
    [compton ~]$

    Uhuh - and I'm going to guess that port 53 is involved.

    >Sygate reported the remote MAC address is
    >20-53-52-43-00-00


    That's just a lie that your firewall is making up, because it's totally
    clueless. MAC addresses are only found on the local wire - between you
    and the router for example. In this case, the six bytes are ASCII, and
    are the characters 'space', 'S', 'R', 'C', and two nulls.

    >Question 2). Is anyone familiar with the above IP addresses?


    Here's a hint:

    >NNTP-Posting-Host: 172.175.230.171


    You are with AOL - and those five addresses are name servers for internal
    use. The likely reason you are seeing the traffic is because you are using
    windoze, and it's trying to find who it can "share" your information with.
    Remember that windoze is trying to give you all kinds of wonderful
    "features" that the marketeers think you might need, but they also
    recognize that configuring those would be too hard - so they turn this
    stuff on by default. Aren't they nice?

    >I back-traced two of the above addresses,


    I'm amazed that this "tool" didn't identify the hostname.

    Old guy
    Moe Trin, Sep 30, 2004
    #3
  4. Dave

    KG6VQE Guest

    With a Linksys Router, you can turn off the ICMP (PING) flag, and that
    prevents the PING command from functioning...Most people scan first using
    the PING command, and therefore makes you somewhat "Invisible". At least
    they have to try harder to scan your machine.
    I also use hardware f/w, as that lets the Firewall get scanned, and not any
    of the internal machines.
    My Watchguard SOHO box allows a SYSLOG to deliver a log that I can
    analyze...that way, you never see the intruder at your machine...just at the
    firewall.
    KG6VQE, Oct 1, 2004
    #4
  5. Dave

    Jay Calvert Guest

    Port 53 is the port for DNS Lookups, it's almost like a reply to a lookup.
    Ignore it, it is safe.

    Jay
    http://habaneronetworks.com


    "Moe Trin" <> wrote in message
    news:...
    > In article <>, Dave wrote:
    > >I have Sygate installed on my PC, and for the past two weeks someone has
    > >been scanning my UDP ports every 1 or 2 minutes. Although Sygate reported
    > >that it blocked that traffic, it is still very annoying.

    >
    > You are connected to the Internet. Sh1t happens. If you want to know
    > why, then you'll have to grab some books and start learning about
    > networking protocols.
    >
    > >Question 1). Does someone know how to stop this scanning?

    >
    > Well, the obvious answer is to disconnect the box. The second solution
    > in this case is to change ISPs. A more likely solution is to review the
    > configuration of your computer and see what is triggering this.
    >
    > >The scanning PC/PCs' IP addresses are:
    > >
    > >64.12.14.82
    > >64.12.14.81
    > >205.188.71.21
    > >205.188.71.22
    > >205.188.71.25

    >
    > [compton ~]$ host 64.12.14.81
    > 81.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache001.edns.aol.com
    > [compton ~]$ host 64.12.14.82
    > 82.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache002.edns.aol.com
    > [compton ~]$ host 205.188.71.21
    > 21.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache001.edns.aol.com
    > [compton ~]$ host 205.188.71.22
    > 22.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache002.edns.aol.com
    > [compton ~]$ host 205.188.71.25
    > 25.71.188.205.IN-ADDR.ARPA domain name pointer dtc-ispns1.ns.aol.com
    > [compton ~]$
    >
    > Uhuh - and I'm going to guess that port 53 is involved.
    >
    > >Sygate reported the remote MAC address is
    > >20-53-52-43-00-00

    >
    > That's just a lie that your firewall is making up, because it's totally
    > clueless. MAC addresses are only found on the local wire - between you
    > and the router for example. In this case, the six bytes are ASCII, and
    > are the characters 'space', 'S', 'R', 'C', and two nulls.
    >
    > >Question 2). Is anyone familiar with the above IP addresses?

    >
    > Here's a hint:
    >
    > >NNTP-Posting-Host: 172.175.230.171

    >
    > You are with AOL - and those five addresses are name servers for internal
    > use. The likely reason you are seeing the traffic is because you are using
    > windoze, and it's trying to find who it can "share" your information with.
    > Remember that windoze is trying to give you all kinds of wonderful
    > "features" that the marketeers think you might need, but they also
    > recognize that configuring those would be too hard - so they turn this
    > stuff on by default. Aren't they nice?
    >
    > >I back-traced two of the above addresses,

    >
    > I'm amazed that this "tool" didn't identify the hostname.
    >
    > Old guy
    Jay Calvert, Oct 1, 2004
    #5
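
Added example (not part of any post in this thread): a Python triage of blocked inbound UDP entries, following Moe Trin's guess that port 53 is involved and Jay Calvert's remark that the packets look like replies to lookups. It also decodes the reported "MAC" bytes as ASCII. The resolver names come from the `host` output above; the packet records, the local address 192.0.2.10, the port numbers and the 120-second matching window are constructed assumptions.

```python
from collections import namedtuple

# PTR names copied from the `host` output quoted in the thread.
AOL_RESOLVERS = {
    "64.12.14.81": "mtc-cache001.edns.aol.com",
    "64.12.14.82": "mtc-cache002.edns.aol.com",
    "205.188.71.21": "dtc-cache001.edns.aol.com",
    "205.188.71.22": "dtc-cache002.edns.aol.com",
    "205.188.71.25": "dtc-ispns1.ns.aol.com",
}

# One UDP packet: timestamp in seconds, then source and destination endpoint.
Udp = namedtuple("Udp", "ts src sport dst dport")

def decode_mac_as_ascii(mac):
    """Show the six 'MAC' bytes as text; non-printable bytes become '.'."""
    raw = bytes(int(part, 16) for part in mac.split("-"))
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)

def classify_blocked(pkt, queries, window=120.0):
    """Label a blocked inbound UDP packet against our own outbound DNS queries."""
    if pkt.sport != 53:
        return "unsolicited"          # not DNS-shaped: look closer
    for q in queries:
        same_flow = (q.dst, q.dport, q.sport) == (pkt.src, 53, pkt.dport)
        if same_flow and 0 <= pkt.ts - q.ts <= window:
            return "late-dns-reply"   # answer to a lookup this host sent
    return "dns-unmatched"            # from port 53, but no query on record

# Constructed sample data (assumed, not taken from the poster's firewall log).
LOCAL = "192.0.2.10"
QUERIES = [Udp(100.0, LOCAL, 1035, "64.12.14.81", 53),
           Udp(160.0, LOCAL, 1036, "205.188.71.22", 53)]
BLOCKED = [Udp(131.0, "64.12.14.81", 53, LOCAL, 1035),
           Udp(400.0, "205.188.71.22", 53, LOCAL, 1036),
           Udp(410.0, "198.51.100.7", 4000, LOCAL, 5000)]

def triage(blocked=BLOCKED, queries=QUERIES):
    """Return (source, PTR name or 'unknown', label) per blocked packet."""
    return [(p.src, AOL_RESOLVERS.get(p.src, "unknown"),
             classify_blocked(p, queries)) for p in blocked]

if __name__ == "__main__":
    print(repr(decode_mac_as_ascii("20-53-52-43-00-00")))
    for row in triage():
        print(row)
```

Only the "unsolicited" and "dns-unmatched" rows need a closer look; a "late-dns-reply" is the host's own lookup answered after the firewall had already dropped its state for that query.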
  6. Dave

    Dave Guest

    "KG6VQE" <info<nospam>@thecomputerdood.com> wrote in message news:<5T07d.22589$>...
    > With a Linksys Router, you can turn off the ICMP (PING) flag, and that
    > prevents the PING command from functioning...Most people scan first using
    > the PING command, and therefore makes you somewhat "Invisible". At least
    > they have to try harder to scan your machine.
    > I also use hardware f/w, as that lets the Firewall get scanned, and not any
    > of the internal machines.
    > My Watchguard SOHO box allows a SYSLOG to deliver a log that I can
    > analyze...that way, you never see the intruder at your machine...just at the
    > firewall.



    Thanks Old guy and KG6VQE, it is very helpful!
    Dave, Oct 1, 2004
    #6