Port scanning from my IP?

N/A

Hi all, a little help please.

Received from plusnet:

<snip>
Dear Customer,
We have received reports that a PC using your IP address has been scanning other networks looking for vulnerable ports.
The most likely explanation for this is that you are infected with a virus. Please disinfect your system, and then inform us using the Contact Us feature
<snip>

Now I have 3 computers behind my router, with the built-in firewall enabled, all have XP with automatic updates, AVG kept updated, and I've checked each one with Spybot and Ad-aware.

How can I find where this port scanning is coming from? I can find all sorts of tests for open ports on Google, but I can't find a way to see what could be outgoing?

I'm probably missing something obvious, but help would be appreciated.

The router is a cheap Conexant unit, and there isn't any useful logging that I can find.

:edit: I'm using the default XP SP2 firewall on all computers.

Peter
6 REPLIES
Community Veteran
Posts: 4,729
Registered: 04-04-2007

netstat


Will list the open network sessions.

Chilly
N/A

Ok. Done that, it's showing me some TCP ports open to webpages etc. that I'm browsing, and pop3 from my email, but then there's a list of ports as below:

TCP peternew:1055 localhost:1056 ESTABLISHED
TCP peternew:1056 localhost:1055 ESTABLISHED
TCP peternew:1065 localhost:1066 ESTABLISHED
TCP peternew:1066 localhost:1065 ESTABLISHED
TCP peternew:1347 localhost:10110 TIME_WAIT
TCP peternew:10110 localhost:1351 TIME_WAIT

Sorry, but it doesn't mean much to me! Could you point me in the right direction please?

Thanks for helping!

Peter
N/A

Bah. I'm just lazy....

Googled Netstat port list and it's returned some lovely information. Time to work my way through them.

Thanks!

Peter
N/A

Also Try running

Get TCPView from www.sysinternals.com. It's a nice graphical version of netstat that also shows what process has open ports.

It's very good for finding malware on the machine it's run on.


www.sysinternals.com
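
As an added example (not code posted by anyone in this thread): the per-process view that netstat and TCPView give can be checked mechanically for the pattern the ISP's notice describes. This sketch parses `netstat -ano` output and reports PIDs holding many half-open (SYN_SENT) connections to distinct remote endpoints; the sample output, PIDs, addresses and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the Windows `netstat -ano` column layout (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1055         127.0.0.1:1056         ESTABLISHED     1712
  TCP    127.0.0.1:1056         127.0.0.1:1055         ESTABLISHED     1712
  TCP    192.168.1.3:1347       203.0.113.10:110       TIME_WAIT       0
  TCP    192.168.1.3:1402       198.51.100.7:80        ESTABLISHED     2244
  TCP    192.168.1.3:1403       198.51.100.8:80        SYN_SENT        2244
  TCP    192.168.1.3:2101       192.0.2.1:445          SYN_SENT        3180
  TCP    192.168.1.3:2102       192.0.2.2:445          SYN_SENT        3180
  TCP    192.168.1.3:2103       192.0.2.3:445          SYN_SENT        3180
  TCP    192.168.1.3:2104       192.0.2.4:445          SYN_SENT        3180
  TCP    192.168.1.3:2105       192.0.2.5:445          SYN_SENT        3180
  TCP    192.168.1.3:2106       192.0.2.6:445          SYN_SENT        3180
"""

# Proto, local addr:port, remote addr:port, state, owning PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def suspect_pids(netstat_text, min_targets=5):
    """Map PID -> sorted remote (ip, port) pairs for processes with at least
    min_targets half-open outbound connections (threshold is an assumption)."""
    pending = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, UDP row, etc.
        _lip, _lport, rip, rport, state, pid = m.groups()
        # Loopback pairs (local proxies, mail scanners) are not outbound traffic.
        if rip.startswith("127.") or state != "SYN_SENT":
            continue
        pending[int(pid)].add((rip, int(rport)))
    return {pid: sorted(t) for pid, t in pending.items() if len(t) >= min_targets}


if __name__ == "__main__":
    for pid, targets in suspect_pids(SAMPLE).items():
        print(f"PID {pid}: {len(targets)} half-open connections, e.g. {targets[0]}")
```

Run `netstat -ano` on each PC behind the router while it is idle and feed the output in; a flagged PID can then be matched to a program name in TCPView.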
N/A

Thank you: looks like some good utilities on that site: I'll check them out later.

Peter
bobgidden
Grafter
Posts: 107
Registered: 30-07-2007

I'm not criticising *you*, but rather Micro$not! You can't rely on the M$ XPsp2 firewall to stop stuff going *out* at all, but a free FW such as ZoneAlarm free edition (version 4.5 would do the job well) would block unauthorised *outgoing* traffic too (unless the virus was nasty enough to grok it!)

Of course, if you do this, the method should be:
1) Download ZA installer
2) Unplug network
3) Disable M$ FW
4) Install ZA
5) Reboot and plug in network

HTH

BobG