Constant Portscan, HELP!

Status
Not open for further replies.

James

I'm having a constant portscan from a network address in my company that is unknown to me. I need to know the computer name of the source. Are there any ways to find out about it? Please help... thanks.
 
Portscan Relief

First of all, I suggest you close all open ports, which are often dormant.

Second, there is a program I will recommend.

Lockdown2000

http://www.lockdown2000.com

Why?

Because this will give you the IP of the computer which is running the portscan program, and so with that you should be able to critically understand how IPs are assigned and figure out the computer. Could be a virus too.
 
Windows-based machines, at a command prompt:
tracert ipaddress

Linux:
/usr/sbin/traceroute ipaddress
 
Have you run the patch for the Blaster worm? Also, it could just be your ISP. A lot of those are just broadcast scans and not directed at your computer.
 
I managed to find out that it's my company's domain controller that is doing the portscan; however, a check with the documentation reveals that it shouldn't take place at all. Obviously, it's a manual attempt by some unknown personality in the company.

Also, the following things took place whilst this portscan was initiated.

A Jolt attack was detected by my firewall in the LAN.
A fragment attack was also detected.
My laptop bugchecked.
After 1 hr of failed attempts to portscan me, my LAN was disabled.

I just joined the company as a system administrator a few weeks ago and the domain controller is in my control... yet such things happened. Thus, I suspect it to be an insider job. Is it possible for me to detect the person who is using the server to do the portscan? Also, I'm aware of some programs where you can reboot the computer from a network plus banning the MAC. Are there any methods of policy which I could configure to prevent all these from happening?

My main suspicion is a hacker from an external network who may have gained control of my DC...
 
I suggest you install some firewall software on that server that will monitor inbound and outbound traffic. I suggest you try Kerio Personal Firewall. That way you can monitor the portscans and disable the computer's ability to send them.
 
Well, Win2k should have a network monitor built in, which is basically a packet sniffer. So you should be able to watch the network and see where everything is coming from.


For a better network monitor and whatnot, you can always install SMS 2.0.
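
What "watching where everything is coming from" can look like once connection records are exported from a sniffer or firewall log, as an added example that is not part of the original thread: it flags any source that touches many distinct ports on one target within a short window. The log layout, addresses and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: "date time source_ip dest_ip dest_port" per observed connection.
# This layout is hypothetical; adapt parse_line() to your own capture or firewall export.
SAMPLE_LOG = """\
2000-01-01 10:00:01 10.0.0.5 10.0.0.42 21
2000-01-01 10:00:01 10.0.0.5 10.0.0.42 22
2000-01-01 10:00:02 10.0.0.5 10.0.0.42 23
2000-01-01 10:00:02 10.0.0.5 10.0.0.42 25
2000-01-01 10:00:03 10.0.0.5 10.0.0.42 80
2000-01-01 10:00:03 10.0.0.5 10.0.0.42 135
2000-01-01 10:00:04 10.0.0.17 10.0.0.42 445
2000-01-01 10:00:09 10.0.0.17 10.0.0.42 445
2000-01-01 10:05:00 10.0.0.23 10.0.0.42 80
2000-01-01 10:20:00 10.0.0.23 10.0.0.42 139
2000-01-01 10:40:00 10.0.0.23 10.0.0.42 445
"""

def parse_line(line):
    date, time, src, dst, port = line.split()
    stamp = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return stamp, src, dst, int(port)

def find_scanners(log_text, min_ports=5, window_seconds=60):
    """Map (source, target) -> most distinct ports probed inside any one window,
    keeping only pairs that reach min_ports."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            stamp, src, dst, port = parse_line(line)
            events[(src, dst)].append((stamp, port))
    hits = {}
    for pair, seen in events.items():
        seen.sort()
        start = best = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most window_seconds.
            while (seen[end][0] - seen[start][0]).total_seconds() > window_seconds:
                start += 1
            best = max(best, len({port for _, port in seen[start:end + 1]}))
        if best >= min_ports:
            hits[pair] = best
    return hits

if __name__ == "__main__":
    for (src, dst), ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {ports} distinct ports on {dst} within 60 s")
```

A client that repeatedly hits one port (10.0.0.17 in the sample) is not flagged, and widening the window is what catches a slow scan such as 10.0.0.23.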
 
I'm sorry, I'm not quite clear about what you had said. Disable whose computer to send what? At present, I'm using McAfee Firewall V3.0, and it is picking up those intruders' traffic. NetMon by MS ain't that good. Where can I find that SMS 2.0?
 