How to prevent other PCs from scanning my machine?

Discussion in 'Computer Security' started by Dave, Sep 30, 2004.

  1. Dave

    Dave Guest

    Hi,

    I am new here.

    I have Sygate installed on my PC and for the past two weeks, someone has
    scanned my UDP ports every 1 or 2 minutes. Although Sygate reported that it
    blocked that traffic, it is still very annoying.

    Question 1). Does someone know how to stop this scanning?

    The scanning PC/PCs' IP addresses are:

    64.12.14.82
    64.12.14.81
    205.188.71.21
    205.188.71.22
    205.188.71.25

    Sygate reported the remote MAC address is
    20-53-52-43-00-00

    Question 2). Is anyone familiar with the above IP addresses?

    I back traced two of the above addresses:

    Detail Information of [64.12.14.81]

    OrgName: America Online, Inc.
    OrgID: AMERIC-158
    Address: 10600 Infantry Ridge Road
    City: Manassas
    StateProv: VA
    PostalCode: 20109
    Country: US

    NetRange: 64.12.0.0 - 64.12.255.255
    CIDR: 64.12.0.0/16
    NetName: AOL-MTC
    NetHandle: NET-64-12-0-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS-01.NS.AOL.COM
    NameServer: DNS-02.NS.AOL.COM
    Comment:
    RegDate: 1999-12-13
    Updated: 1999-12-16

    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail:

    # ARIN WHOIS database, last updated 2004-09-28 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.



    And 205.188.71.22

    OrgName: America Online, Inc
    OrgID: AMERIC-59
    Address: 22080 Pacific Blvd
    City: Sterling
    StateProv: VA
    PostalCode: 20166
    Country: US

    NetRange: 205.188.0.0 - 205.188.255.255
    CIDR: 205.188.0.0/16
    NetName: AOL-DTC
    NetHandle: NET-205-188-0-0-1
    Parent: NET-205-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS-01.NS.AOL.COM
    NameServer: DNS-02.NS.AOL.COM
    Comment:
    RegDate: 1998-04-18
    Updated: 1998-04-27

    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail:

    # ARIN WHOIS database, last updated 2004-09-29 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Need your help!

    Thanks
     
    Dave, Sep 30, 2004
    #1

  2. Dave

    Leythos Guest

    There is no way you can prevent outsiders from scanning your external IP
    address, it's just what the internet is.

    If you really want to be less accessible by others, get a Linksys NAT
    router and install it between your computer(s) and the internet
    connection. This will act as an inbound barrier device and block
    unsolicited connections at the NAT device - your PCs should never see
    the scans once it's installed.
     
    Leythos, Sep 30, 2004
    #2

  3. Dave

    Moe Trin Guest

    You are connected to the Internet. Sh1t happens. If you want to know
    why, then you'll have to grab some books and start learning about
    networking protocols.

    Well, the obvious answer is to disconnect the box. The second solution
    in this case is to change ISPs. A more likely solution is to review the
    configuration of your computer and see what is triggering this.

    [compton ~]$ host 64.12.14.81
    81.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache001.edns.aol.com
    [compton ~]$ host 64.12.14.82
    82.14.12.64.IN-ADDR.ARPA domain name pointer mtc-cache002.edns.aol.com
    [compton ~]$ host 205.188.71.21
    21.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache001.edns.aol.com
    [compton ~]$ host 205.188.71.22
    22.71.188.205.IN-ADDR.ARPA domain name pointer dtc-cache002.edns.aol.com
    [compton ~]$ host 205.188.71.25
    25.71.188.205.IN-ADDR.ARPA domain name pointer dtc-ispns1.ns.aol.com
    [compton ~]$

    Uhuh - and I'm going to guess that port 53 is involved.

    That's just a lie that your firewall is making up, because it's totally
    clueless. MAC addresses are only found on the local wire - between you
    and the router for example. In this case, the six bytes are ASCII, and
    are the characters 'space', 'S', 'R', 'C', and two nulls.

    Here's a hint:
    You are with AOL - and those five addresses are name servers for internal
    use. The likely reason you are seeing the traffic is because you are using
    windoze, and it's trying to find who it can "share" your information with.
    Remember that windoze is trying to give you all kinds of wonderful
    "features" that the marketeers think you might need, but they also
    recognize that configuring those would be too hard - so they turn this
    stuff on by default. Aren't they nice?

    I'm amazed that this "tool" didn't identify the hostname.

    Old guy
     
    Moe Trin, Sep 30, 2004
    #3
  4. Dave

    KG6VQE Guest

    With a Linksys Router, you can turn off the ICMP (PING) flag, and that
    prevents the PING command from functioning...Most people scan first using
    the PING command, and therefore makes you somewhat "Invisible". At least
    they have to try harder to scan your machine.
    I also use hardware f/w, as that lets the Firewall get scanned, and not any
    of the internal machines.
    My Watchguard SOHO box allows a SYSLOG to deliver a log that I can
    analyze...that way, you never see the intruder at your machine...just at the
    firewall.
     
    KG6VQE, Oct 1, 2004
    #4
  5. Dave

    Jay Calvert Guest

    Port 53 is the port for DNS Lookups, it's almost like a reply to a lookup.
    Ignore it, it is safe.

    Jay
    http://habaneronetworks.com


     
    Jay Calvert, Oct 1, 2004
    #5
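
The triage described in posts #3 and #5, as an added example that is not part of the original thread: it decodes the firewall's "MAC" field as ASCII and separates blocked UDP packets sent from source port 53 of the resolvers named in the thread from other inbound traffic. The log line format, the local address 192.0.2.10, the 198.51.100.7 source and all port numbers are constructed for illustration; Sygate's real log layout is not shown on the page.

```python
import ipaddress
import re
from collections import Counter

# Addresses from the thread that reverse-resolve to *.edns.aol.com / *.ns.aol.com.
RESOLVERS = {ipaddress.ip_address(a) for a in (
    "64.12.14.81", "64.12.14.82",
    "205.188.71.21", "205.188.71.22", "205.188.71.25")}

# Constructed log format (assumption): not Sygate's real layout.
LINE = re.compile(r"BLOCKED (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
                  r"[\d.]+:\d+ mac=(?P<mac>\S+)")

def mac_bytes(mac):
    return bytes(int(part, 16) for part in re.split(r"[-:]", mac))

def mac_as_text(mac):
    """Show the six bytes as ASCII; non-printable bytes become '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in mac_bytes(mac))

def mac_looks_like_text(mac):
    """True when everything before the trailing nulls is printable ASCII,
    which suggests string data in the field rather than a hardware address."""
    body = mac_bytes(mac).rstrip(b"\x00")
    return len(body) >= 3 and all(0x20 <= b < 0x7F for b in body)

def classify(line):
    m = LINE.search(line)
    if m is None:
        return "unparsed"
    from_resolver = ipaddress.ip_address(m["src"]) in RESOLVERS
    if m["proto"] == "UDP" and m["sport"] == "53" and from_resolver:
        return "dns-reply-from-resolver"
    return "unsolicited"

# Constructed sample entries; 192.0.2.10 stands in for the local PC.
SAMPLE_LOG = [
    "2004-09-30 10:01:12 BLOCKED UDP 64.12.14.81:53 -> 192.0.2.10:1034 mac=20-53-52-43-00-00",
    "2004-09-30 10:02:40 BLOCKED UDP 205.188.71.25:53 -> 192.0.2.10:1035 mac=20-53-52-43-00-00",
    "2004-09-30 10:03:05 BLOCKED UDP 198.51.100.7:4021 -> 192.0.2.10:137 mac=00-0C-29-3A-1F-7B",
]

def summarize(lines):
    return Counter(classify(entry) for entry in lines)

if __name__ == "__main__":
    print(repr(mac_as_text("20-53-52-43-00-00")))
    print(mac_looks_like_text("20-53-52-43-00-00"))
    print(dict(summarize(SAMPLE_LOG)))
```
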
  6. Dave

    Dave Guest


    Thanks Old guy and KG6VQE, it is very helpful!
     
    Dave, Oct 1, 2004
    #6
