PORTSCANS

Jan212 · Post by **Jan212** » Wed 5. May 2004, 21:05

Does anybody else noticed or notice PORTSCANS on TCP ports:
2745, 135, 1025, 445 and 3127 ???
i have them till 50times a day from different ip's in my neighbourhood...

brans · Post by **brans** » Wed 5. May 2004, 21:39

it's possible that they are coming from the new Virus released on May 1. ?

Jan212 · Post by **Jan212** » Wed 5. May 2004, 22:02

don't think so but i've noticed exploits on the lsass.exe and ipnat.sys, and the scans begann before- but it#s mysterious that they are only coming from neighbourhood ips

pSouper · Post by **pSouper** » Wed 5. May 2004, 23:56

here's a port list and why they may be scanned..
http://lists.gpick.com/portlist/portlist.htm
a noticable clue is 135: W32.Blaster.Worm, W32/Lovsan.worm

and this is interesting...
http://www.parkerpc.com/reference/trojanports.html

i hope you run a nice firewall

you will not be able to stop the 'incomming' just protect your self well my friend

Paradroid · Post by **Paradroid** » Thu 6. May 2004, 10:27

Hi Jan,

as pSouper said, these are "classical" trojan ports. There seems to be a freshly infected computer or network in your neighborhood ....

i'll take a look at my firewalls activity

cu

Achim

Jan212 · Post by **Jan212** » Thu 6. May 2004, 14:54

my firewall is active all the time, but the system i work on is complete new... but xp alone is a damn security whole

- i am using the bat! as e-mail client and avast antivirus... as desktop fw i have sygate pro