Multiple Probes

[Robyn]

Hi everyone,

I don't know if anyone can help me but for the past 2 days our computer (on a DSL connection) has been constantly (and I do mean constantly) hit with TCP port probes. We're using BlackICE. We've tried turning the computer off, but it still happens. I downloaded a Napster like program a couple of days ago (LimeWire) and uninstalled it after the problem started but it continued. Then I downloaded Morpheus and it still happens. The probes are all from the same user (I think?).

Any ideas on how to stop it? It's getting a little annoying with the warning going off constantly!

Thanks!

[trent]

Without knowing what ports are being scanned, it's difficult to say. Some connections are benign, some are not.

If it's the same machine (or two) constantly trying to connect to port 137, it may be telus' Nameserver asking your machine what it calls itself. Ask tech support if that IP address is their nameserver. If it is, configure your firewall to reject the connection from that server, on port 137, without warning you. (do NOT reject all ports from that server, you won't be able to use the internet if you do).

If it's port 27374, someone out there may think you've installed a trojan called SubSeven. I'm getting scanned on 27374 about 10-20 times a day, and I'm not even running an operating system that SubSeven will run under.
If it's port 27374 and you're running a MS Windows 95/98/ME/2k/NT system, you can probably get a test/disinfect for subseven from any respectable AntiVirus site. Make sure you get it from a WELL KNOWN Antivirus site, you don't want to install anything else by accident.

If it's a scan on ALL ports (or a lot of ports) someone may be running nmap or nessus on you. If so they are probably trying to find a way to crack your machine. Ask telus tech support what to do, they'll probably ask you to send your firewall log somewhere (ie abuse@{some ISP})