Avatar
Please consider registering
guest
sp_LogInOut Log Insp_Registration Register
Register | Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Feed Topic RSSsp_topic_old
Yahoo and Google scanning my ports
Avatar
coolczone
Member
Members
December 26, 2010 - 6:39 am
Member Since: April 24, 2010
Forum Posts: 39
sp_UserOfflineSmall Offline

Hi guys,
recently I am dealing with a big issue. My IP has been scanned several times by Google and Yahoo. I looked up the scanning IP' s with whois and what came up it was this IP 74.125.79.104 related to Google and some more from the range 74.6.0.0 - 74.6.255.255 (Yahoo) and 74.125.0.0 - 74.125.255.255 (Google). Do you know of any reasons why this is happening? I am using Outpost firewall Pro so if I am blocking this IP' s range I will end up having no access to search engines. All http sites are working correctly. I could allow them I guess, but I am wondering how this fits up with my security and whether this scanning thing is something normal or it is illegal.

Avatar
Jim Hillier
Admin
December 26, 2010 - 9:17 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Hey coolczone,

Is this happening mostly shortly after disconnecting from a browser or webmail?

How long have you had the Outpost Firewall installed for?

Will the firewall provide details of what ports are being used by these IP's? If so, post the numbers here, that may help diagnose.

The way I see it, there are two main possibilities:

1) Your machine is actually being attacked by someone/something spoofing the IP addresses......not very likely.

2) These are orphaned or delayed packets which would (normally) simply be discarded but your firewall is being a tad over zealous and reporting these incidents. I think this is the most likely scenario.

If your connection was being saturated that would be more in keeping with an actual "attack", but seeing this is only happening here and there it is unlikely there is anything to worry about.

Cheers....Jim

Avatar
coolczone
Member
Members
December 26, 2010 - 2:10 pm
Member Since: April 24, 2010
Forum Posts: 39
sp_UserOfflineSmall Offline

Hi ozbloke,
thanks for helping me out. I have Outpost installed for 3 years, not meaning by this that I am a pro user, I am more of a try and see what is happening guy. The problems started after I increased the security level to Maximum for Attack Detection. This was just temporary , but now I am dealing with this issue even if my Attack Detection is set to Optimal. I also had the scanning Ip to be blocked for the maximum period of time since this is something happening on a regular basis for my last 2 weeks. I cleared recently my log files so the IP' s I am providing are not all of those that scanned my network.
Ok, now this being told here are the bad guys: 74.125.79.104 and 74.125.79.10 for the moment and I am having another one from my country that just started.
1:18:08 PM 74.125.79.104 Host blocked for 60 min SCAN (38412, 58124, 57868, 59916, 60684, 60940, 61196)
12:51:52 PM 74.6.238.254 Host blocked for 60 min SCAN (49670, 51206, 51462, 51718, 51974, 52230, 52742)
6:16:58 PM 193.231.255.77 Host blocked for 60 min SCAN (58128, 60688, 64784, 1553, 15889, 22801, 23057)
4:47:44 PM 193.231.255.77 Host blocked for 60 min SCAN (44037, 45573, 48645, 48389, 48901, 51205, 51717).
Blocking the Google IP's will let me with no favorite search engine. When this it happens, it is followed usually another IP scanning (Yahoo) and I have to drop Yahoo Search as well.

Thank you again

Avatar
Jim Hillier
Admin
December 26, 2010 - 6:56 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Hey coolczone - OK, first two IP addresses are definitely coming up Google and Yahoo. The bottom two though are leading me to site in Romania which is reported to be running an automated forum spambot script.

This is now getting outside my realm of expertise/knowledge. I'm going to pass on this information to Dave and Ziggie and see what they can come up with.....stand by!

In the meantime will you please answer the following question to help with diagnosis:

How are you connecting to the internet; DSL, cable, ethernet, wireless????

Sorry I couldn't be more help,
Cheers.....Jim

Avatar
coolczone
Member
Members
December 27, 2010 - 2:05 am
Member Since: April 24, 2010
Forum Posts: 39
sp_UserOfflineSmall Offline

Hi JIm,
My connection is cable and I am using my laptop. I am not sure if the same IP, s were scanning me at some other location, I will try and see if this happens again in a short trip that I am planning. What if the same IP' s are scanning me in some other place?
thank you,
Ciprian

Avatar
Jim Hillier
Admin
December 27, 2010 - 2:51 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Ciprian, I don't think the scanning will stop simply because you change your location, I imagine the scanning would be specific to your IP address.

I wouldn't be worrying too much about this mate, there are hundreds of automated bots constantly roaming the net actively seeking out somewhere to scan. I seriously doubt this is connected in any way with malware.

If it will help put your mind more at ease, why not run scans anyway....any resident security plus an on demand scanner like Malwarebytes Anti-Malware or SUPERAntiSpyware will do fine. If they do not find anything, it is most likely your system is clean.

Hopefully Dave or Ziggie will chime in soon with some better informed comments.

Cheers.....Jim

Avatar
David Hartsock
Admin
December 27, 2010 - 10:26 am
Member Since: August 7, 2011
Forum Posts: 1117
sp_UserOfflineSmall Offline

In the grand scheme of things it is great that you 1) noticed something like this, and 2) came looking for help, but in reality it is really nothing to worry about.

I'm guessing you don't have a router between your modem and computer. As such your computer literally "sits" on the internet and is visible to every other device on the internet. This means any device, or computer, can [i:2yxifgzm]attempt[/i:2yxifgzm] to directly access your computer and there are many out there that will try. The good news is that your firewall is blocking any attempt to access your computer that wasn't initiated by you. The bad news is that this can slow down your internet connection because each communication actually makes it to your computer and then your firewall must deal with each packet. Most recommend a router between the modem and computer, and Ken, or security guru, has also mentioned this in the past. Most routers perform many fuctions, but the two most important (in my opinion) are NAT(Network Address Translation) and a hardware firewall (often called a Stateful Packet Inspection firewall). You can read his article about [url=http://www.davescomputertips.com/articles/security/golden_rules_of_computer_security_2.php:2yxifgzm]NAT in Ken's article[/url:2yxifgzm]. Stateful Packet Inspection means that the router examines each packet sent to your IP. If the communication wasn't initiated by a computer on your network the packet is dropped immediately. No muss. No fuss. If the packet is in response to a request (go to this web page, etc) from a computer on your network the packet goes through.

Avatar
coolczone
Member
Members
December 28, 2010 - 7:34 am
Member Since: April 24, 2010
Forum Posts: 39
sp_UserOfflineSmall Offline

Hi guys,
Thank you all for your help.
I will definitively look int to the router thing to sped up my browsing capabilities and increase my security. I am grateful for your help, still I have another questions.
1.Should I allow Google and Yahoo to scan my Ip's ( create rule in Outpost for them)? If the answer is yes, in what way this will affect my security?
2. Is a resident firewall still needed in case I will go for the router protection?
Thanks again, and Happy New Year! to all of you.
Ciprian

Avatar
Jim Hillier
Admin
December 28, 2010 - 1:49 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

[quote:21gyykwv]Should I allow Google and Yahoo to scan my Ip's ( create rule in Outpost for them)? If the answer is yes, in what way this will affect my security?[/quote:21gyykwv]
No, definitely not. Allow your firewall to continue blocking them.

[quote:21gyykwv]Is a resident firewall still needed in case I will go for the router protection?[/quote:21gyykwv]
That is debatable, some do not consider it necessary. It depends largely on the user and the level of risk they are prepared to take. I would always advocate both, even if just to be on the safe side.
So, I would recommend using both. If the host machine is capable of running an installed firewall without any negative impact then there is certainly no harm and possibly a lot of good.

Cheers.....Jim

Avatar
Chad Johnson
Mod
Members
December 29, 2010 - 3:52 pm
Member Since: August 11, 2011
Forum Posts: 867
sp_UserOfflineSmall Offline

I know I'm late to the party, but I'll throw in my two cents on the need for a software firewall:

My experience is that with a good hardware firewall in place (i.e. router or even a firewall appliance) there is not really a need for software firewalls as long as you trust the devices on your network.

As a systems administrator at work - I don't trust anyone. It's my job not to, so I assume that all computers are actively trying to hack information that they have no business having (yes, the admin's job is to be more panicky than necessary). So we run software firewalls on all of our servers, hardware firewalls between us and the internet, and each of our VLANs (Virtual LANs...a way to run multiple networks across the same hardware) only cross over through a firewall.

That's a corporate environment.

At home - I'm much more lax. Only people I trust come onto my network, and everything on my network has open access to talk to each other. There's a nice hardware firewall blocking access onto the network, a nice WPA2 protected hash key on my wireless, and everything runs a-ok. I don't like to waste resources on a software firewall on my home network.

When I take my laptops out of the house, the firewall comes on. Inside the house, no big deal.

And that was probably way more information than you were looking for.

Avatar
David Hartsock
Admin
December 31, 2010 - 5:45 am
Member Since: August 7, 2011
Forum Posts: 1117
sp_UserOfflineSmall Offline

[quote="coolczone":3423nxkh]1.Should I allow Google and Yahoo to scan my Ip's ( create rule in Outpost for them)? If the answer is yes, in what way this will affect my security?[/quote:3423nxkh]
Your firewall is blocking them. If you haven't lost any access to Google, Yahoo, etc then I see no need to change your firewall rules.
[quote:3423nxkh]2. Is a resident firewall still needed in case I will go for the router protection?[/quote:3423nxkh]
Well. In most cases it isn't required, but I like to have them. Why? A good firewall will prompt you for every inbound and outbound connection, which gives several benefits (especially for those who aren't techy types):
1. You learn which programs are trying to access the internet - you'll be surprised how many programs do and wonder why some do when you can't think of any need for them to have access.
2. Outbound connection requests. After you've used the computer for a week or two, and have rules set for most programs that you are familiar with, it becomes an "early warning system" and a great way to catch malware. As an example you download something labeled as a theme, pdf, simple program, or doc. As soon as you try to run or view the download your firewall jumps up with a warning about an outbound connection. If the download was not a reputable product downloaded from a reputable site it would be a good time to do some scanning and searching on the web. Seem far fetched? Running AV software? I've seen it happen.
3. If the computer is portable. When you join someone's network that you don't have control of (Starbucks, McDonalds, air port, etc) you need a software firewall.

Avatar
coolczone
Member
Members
January 9, 2011 - 3:33 am
Member Since: April 24, 2010
Forum Posts: 39
sp_UserOfflineSmall Offline

Hi guys,
sorry for my late replay, I am in the process of moving out and at my new place I do not have internet access yet.
Dave, one of the problems is that once I am being scanned, my firewall is blocking the IP. So my browsing search is way more difficult since Google is my 1st choice, and Yahoo the 2nd. Now I am blocking the IP's individually. From time to time it seams like they are giving me a brake, but after a while everything is aggressive again. What I was able to see is that the scanning occurs once I am trying to move to some other page just looking for more info, or when I am opening my browser, since Mozilla is set to Google as my home page. I even installed again my OS, but the scanning is still on. Will changing my MAC help solve this problem?

Forum Timezone: America/Indiana/Indianapolis
Most Users Ever Online: 2303
Currently Online:
Guest(s) 128
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Chad Johnson: 867
Mindblower: 677
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Member Stats:
Guest Posters: 11
Members: 3229
Moderators: 7
Admins: 3
Forum Stats:
Groups: 8
Forums: 20
Topics: 1954
Posts: 13563
Newest Members:
instaproapk, mousetesteronline, keshamatt, Patriciabin, MattOwens
Moderators: Carol Bratt: 67, dandl: 740, Jason Shuffield: 1, Jim Canfield: 8, Terry Hollett: 0, Stuart Berg: 0, John Durso: 0
Administrators: Jim Hillier: 2709, Richard Pedersen: 210, David Hartsock: 1117
Scroll to Top

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!