What do you do with the information gotten from a trace on an attempted port scan? This one came from Seoul, Korea.
Mimi
'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003
<PC Speicialist>
You can't do anything basically. It just lets you know who is scanning your pc to try and get in. Put up a firewall. If it says they attempted to get in and they didn't succeed, that means your firewall is up. You should have a firewall in your virus protection program or else you can buy a firewall program.
The important thing, like PC Spec. said, is that your firewall is in place and working well. While I am not a fan of software firewalls, it is something to help fight the BS.
The biggest thing we face while fighting this stuff is the attempts coming from overseas. If I think I can get ahold of someone that speaks English, then I will do my best to contact them and see if we can nail someone for their attempts or in some cases success. But my dealings with Korea have been very unsuccessful and this is something we just have to live with...for now.
Rob
Posts: 288 | Location (City, State): Near Chicago | Registered: Fri September 19 2003
I guess I should have copied it all down - but there were 4 pages of info - most of which was like trying to read Greek - anyway the computer that tried to break in was in Seoul, but the company that owned the computer was in Australia.
The firewall was up - that's how I caught it - a little box comes up that says that someone has attempted a port scan and to 'click here' if I want to trace it, or I can delete the box.
Mimi
'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003
They've been busy today - 3 tries since 7PM CDT - 1] 'unknown' from Sao Paulo. 2] a long # then .mrse.com.ar from Moron. 3] a long # then .dsl-rtr1.man.verizon-gni-net from Newark.
My firewall gives the Name, IP#, Location, and Network. Is there somebody I can send this stuff to?
Mimi 'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003
I suggest uce@ftc.gov - that's a govt agency that will keep records of them and the same for spamming..there's an article on it around here somewhere--saw it the other day. If you get the email addy--email them and tell them you have their ISP and then give them their ISP--that might scare them off. If you have cable, report it to your cable company--they might be able to help.
The FTC only wants to hear about consumer fraud and crap like that, so unless it's a problem with an eBay transaction, don't count on much with that email except for a redirect to /dev/null.
That's my .02. But that's something I plan to address when I have a meeting with a Special Agent from the Computer Crime Investigative Unit out of Fort Belvoir.
Rob
Posts: 288 | Location (City, State): Near Chicago | Registered: Fri September 19 2003
mac guy - Are you serious about the meeting? Because the one from Korea and the two from South America don't bother me near as much as the one from Newark [and a company name I recognize] and another one from the same company but a different location [north of Newark] and different IP#'s.
Even though it was probably just a general scan [I mean one kind of sent out to see what turns up], I can't figure out what they could possibly want with anything in my computer. This stuff could really make a person paranoid.
Mimi 'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003
I am very serious about this meeting... This is my job. But I won't bother him with port scans.. it's not illegal just yet. We have a few big fish to fry in my local area. But I do want to ask him about the complaints people send in... just to see what he says.
Rob
Posts: 288 | Location (City, State): Near Chicago | Registered: Fri September 19 2003
No, I wouldn't bother him with that either - they seem to be like a phone survey or something like that - they are just sending out a signal to see what's out here. [That is a guess - I really don't know how any of this works.]
I am just a little concerned about the two scans from the USA - one gave me details right down to email and phone number for the tech running the computer - plus a GPS [?] on the location of the final computer - the second one went 'unknown' but I have a location and company name.
Mimi 'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003
I did email the 'tech' turned up by the trace that went to NJ. I was scanned on Saturday and emailed them on Sunday - haven't been scanned since [or if I have, I haven't been notified by the firewall].
Mimi 'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003
quote: Originally posted by AmPugs: I did email the 'tech' turned up by the trace that went to NJ. I was scanned on Saturday and emailed them on Sunday - haven't been scanned since [or if I have, I haven't been notified by the firewall].
Mimi 'When we stop learning, we die.'
I wonder if they can do something about that. Please post if they let you know. That happens to me all the time too!!
Computer Newbie - I've been writing down the info from the traces. I've gotten email addresses for several. I emailed them and asked: "Why did you run a port scan on my computer on [date] at [time]." I have heard nothing back from any of them. I sent the emails last Sunday [early AM] - and haven't been scanned since by anyone [that the computer caught anyway].
Mimi 'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003
Scans stopped for almost a week - only a couple of hours shy. This time from a school. The location of the last computer was in the NE corner of the Utah panhandle.
Verrrry Interrresting.
Mimi 'When we stop learning, we die.'
Posts: 5097 | Location (City, State): Oklahoma | Registered: Sun June 22 2003