PC experts: My firewall keeps telling me I'm being scanned... what to do???
 

Ok at least every day, once a day I get a message that a certain IP scanned my ports and that the firewall has banned him for 3 mins. After the 3 mins. I get the message that the block has been lifted and that I should watch if anything suspicious happens.

These scans occur everyday... what can I do to prevent this or take counter measures???

that's normal... and nothing to worry about for the most part. There are constantly servers out there doing surveys (checking for servers, surfers, networks, etc) that do scans, there's DNS's checking stuff... there's.... any number of things. So yes, you'll always have those alerts coming in.

Also, there are virus' out there that look for vulnerable computers... and your firewall just blocked it (if it is)... so don't worry about it. Chances are it's an automated thing and not some person out there who's out to get you.

Thanks Stuart, it got me worried coz this did not happen before and I thought someone was out to hack me. If my firewall tells me the IP could I trace it somehow?

The fact that your firewall is telling you about it means that the scan was unsuccessful. Be careful using "traceback" type tools that may be in your firewall program, they can confirm your existence when previously the person scanning had no clue your computer was there.

This is true.

I have no traceback option in my firewall, but I am interested to know who or what's behind the scanning IP

If you're using ZoneAlarm, here's a tool that offers extended analysis of your logs and has lookup and backtrace features

http://visualize.phenominet.com/visu...visualzone.htm

no actually I use Bullguard (BullGuard.com), it's not very wellknown but it is an excellent piece of sotware... at least better than any Norton or McAfee package
:thumbsup

I love it when Norton says ICMP PING/SCAN Or hack attemped has come from ip address 127.0.0.1

I am like WTF.. Shut up stupid firewall :-x

Maybe you can blacklist the IP.. ! :D

nothing to be worried about

Assuming you're on a cable modem or DSL, it is best to get a hardware-based router, and then place that between your computer and the internet. You'd be able to also share the connection. Assuming the router is setup properly, those scans would be of the router, and not your PC. A router can be had for under $50 these days.

You can do a quick scan of your PC from the internet via "Shields Up" at:

http://www.grc.com/

On my router, all ports are closed, so the scan shows no vulnerabilities.

I learned how to format and reinstall courtesy of Norton:winkwink:

Thanks for the url, I'm gonna scan right away

haha I know exactly what you mean! Amazing how crappy software compensated by a big marketing budget make you the market leader.

Oh hell what am I talking about... just look at the OS I'm running :disgust

great I'm all covered, thanks for the link again!