I'm being portscanned

Discussion in 'Computer Support' started by phadeb, Nov 8, 2011.

  1. phadeb

    phadeb

    Joined:
    Nov 8, 2011
    Messages:
    2
    Hello everybody, this is my first post :D

    I'm presently being portscanned on the same port almost (2977) by different IP's, presumably proxy's or a botnet.

    1 - What should I do
    2 - If I can do something like reporting, How could I mass report

    Some intelligence on the IP's showed many different country's and ISP's, so I can't spend all my time single mailing every each abuse mail for each IP's ISP.

    Code:
    07/11/2011 23:08:48	Detected Port Scanning attack	87.212.13.117:55680	localhost:2977	TCP			
    07/11/2011 21:42:23	Detected Port Scanning attack	95.211.139.146:61644	localhost:2977	TCP			
    07/11/2011 16:59:59	Detected Port Scanning attack	213.109.112.163:63206	localhost:27580	TCP			
    07/11/2011 16:59:15	Detected Port Scanning attack	81.70.255.243:54718	localhost:2977	TCP			
    07/11/2011 16:58:13	Detected Port Scanning attack	80.56.94.166:50754	localhost:2977	TCP			
    07/11/2011 16:56:14	Detected Port Scanning attack	85.164.242.140:25308	localhost:2977	TCP			
    07/11/2011 16:54:27	Detected Port Scanning attack	79.36.234.169:58835	localhost:2977	TCP			
    07/11/2011 16:45:33	Detected Port Scanning attack	81.100.208.94:41334	localhost:2977	TCP			

    The ESET Security Suite Firewall.

    Some Intel.

    Code:
    1	87.212.13.117	Succeed	Netherlands	TELE2-CONSUMER-2	Tele2 Consumer is one of the largest ISP\'s in the Netherlands	87.212.0.0	87.212.63.255	Yes	ZONnet Administrator	Hullenbergweg 101, 1101 CL Amsterdam Zuidoost, the Netherlands	andre.zantingh@tele2.com	abuse@versatel.net	+31 (0)20 7501000	+31 (0)20 7507750	RIPE NCC		ip117-13-212-87.adsl2.static.versatel.nl	
    2	95.211.139.146	Succeed	Netherlands	LEASEWEB	LeaseWeb	95.211.136.192	95.211.141.191	Yes	RIP Mean	P.O. Box 93054, 1090BB AMSTERDAM, Netherlands	ripe@leaseweb.com	abuse@leaseweb.com	+31 20 3162880	+31 20 3162890	RIPE NCC		vpn.server.com	
    3	213.109.112.163	Succeed	Netherlands	NL-NETVISIT	Netvisit B.V.	213.109.112.0	213.109.127.255	Yes	H Huising	Locomobielstraat 8, 9641 MB Veendam			+31 (0)598 626417		RIPE NCC		host-112-163.kabel.netvisit.nl	
    4	81.70.255.243	Succeed	Netherlands	ONLINE-ADSL-KW	Static IP addresses of Online Wholesale ADSL users	81.70.192.0	81.70.255.255	Yes	EuroNet Internet Administrative Role Account	Online Breedband B.V., Network Operations, Muiderstraat 1, 1011 PZ Amsterdam, The Netherlands	dl-ripe@is.online.nl	abuse@abuse.online.nl	+31 20 535 5555	+31 20 535 5400	RIPE NCC		s5146fff3.adsl.wanadoo.nl	
    5	80.56.94.166	Succeed	Netherlands	UPC-NL	CPE Customers NL	80.56.94.0	80.56.94.255	Yes	Hostmaster Chello Broadband	UPC Broadband, Internet Services, Erlachgasse 116, A-1100 Vienna, Austria	hostmaster@chello.at	abuse@upc.nl	+43 1 96068 5000	+43 1 96068 5666	RIPE NCC		f94166.upc-f.chello.nl	
    6	85.164.242.140	Succeed	Norway	NO-TELENOR-DSL-3	Telenor Business Solutions AS	85.164.0.0	85.164.255.255	Yes	Sivert Engeseth	Telenor Networks AS, Snaroyveien 30, N-1331 Fornebu, Norway	siarneng@telenor.net	abuse@telenor.net	+47 67 89 00 00		RIPE NCC		ti0004a380-3458.bb.online.no	
    7	79.36.234.169	Succeed	Italy	TELECOM-ADSL-POOL	NAS DHCP Pool Pescara	79.36.128.0	79.36.255.255	Yes	BBBEASYIP STAFF	MDBLAB, Via Val Cannuta, 250, I-00100 Roma, Italy			+39 06 36881		RIPE NCC		host169-234-dynamic.36-79-r.retail.telecomitalia.it	
    8	81.100.208.94	Succeed	United Kingdom	INFRASTRUCTURE	NTL Infrastructure - Acton	81.100.192.0	81.100.223.225	Yes	NTLI Network Management Centre	NTL Internet, Crawley Court, Winchester, Hampshire, SO21 2QA	pim@virginmedia.co.uk		+44 1633710142		RIPE NCC		cpc5-acto3-2-0-cust93.4-2.cable.virginmedia.com	
    
    phadeb, Nov 8, 2011
    #1
    1. Advertising

  2. phadeb

    nimd4

    Joined:
    Apr 10, 2009
    Messages:
    20
    Location:
    Belgrade, Serbia
    Whoa, stress..:( So, what happened, any news?!??
    nimd4, Nov 17, 2011
    #2
    1. Advertising

  3. phadeb

    phadeb

    Joined:
    Nov 8, 2011
    Messages:
    2
    Seemed like a random portscan as the billions that happen continuously on the internet.

    They ceased 24h later. I'm curious to know though what type of malware hides in port 2977 specifically.
    phadeb, Jan 12, 2012
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?dGhlIGJyYWQ=?=

    Being kicked off every 5 min...

    =?Utf-8?B?dGhlIGJyYWQ=?=, Aug 8, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    681
  2. Themus
    Replies:
    1
    Views:
    705
  3. =?Utf-8?B?Qm9iIFM=?=

    Internal wireless network card not being recognized

    =?Utf-8?B?Qm9iIFM=?=, Jan 19, 2005, in forum: Wireless Networking
    Replies:
    2
    Views:
    728
    =?Utf-8?B?am9obg==?=
    Jan 20, 2005
  4. silvus

    strongest AP not being chosen

    silvus, Mar 7, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    558
    Chris Gual [MSFT]
    Mar 7, 2005
  5. =?Utf-8?B?dHJpcHB3d2Y=?=

    Can I block specific networks from being detected

    =?Utf-8?B?dHJpcHB3d2Y=?=, May 13, 2005, in forum: Wireless Networking
    Replies:
    6
    Views:
    640
    Jerry Peterson[MSFT]
    May 31, 2005
Loading...

Share This Page