"Detected Port Scanning Attack" Wha??

[MegalosSkylaki]

DOOG is on the Road and that meens leaving the security of home internet for Hotel Internet and WiFi.

My security software on one of the two lappies I bought with me keeps giving me maybe once for every fifteen - twenty minutes of use a security warning that a port scanning attack has been detected.

I did a deep scan and this revealed zero malware.

Is this simply a commonplace occurance of the Internet doing its business?

Or is my security-ware fending off a genuine malware attack?

What the heck is port scanning anyway?

MegalosSkylaki

[paul9]

It is quite common, and usually someone checking a range of IP addresses for open and vulnerable ports.
GRC*|*Gibson Research Corporation Home Page**
Go there and look at the ShieldsUp! pages for a bit more info. Remember your router and operating system usually contain firewalls to help against this sort of thing.

[Taxmancometh]

Could b e a spear phisher from China.

[Interrupt]

DOOG is on the Road and that meens leaving the security of home internet for Hotel Internet and WiFi.

My security software on one of the two lappies I bought with me keeps giving me maybe once for every fifteen - twenty minutes of use a security warning that a port scanning attack has been detected.

I did a deep scan and this revealed zero malware.

Is this simply a commonplace occurance of the Internet doing its business?

Or is my security-ware fending off a genuine malware attack?

What the heck is port scanning anyway?

MegalosSkylaki

Also you should think twice before using any form of public wi-fi or public internet. Especially in hotels. Either use a VPN to connect back to your home network if you can or start a mobile hotspot to use all your wireless components via a smart phone's 3G CDMA or LTE serve (conserve battery by plugging in, etc... those hotspot creation tools are free on Android, so don't get sucked into paying for the service via your cell provider if you don't have to).

I practice a bit of both... now and then I'll watch the wireless connections just to see who else is logged into the wi-fi. Those public wi-fis are very shady.

MITM attacks/cache exploits/etc. are all very common with public wi-fi.

It could be something simple like a form of authentication which is triggering your security software (consider that most hotels and boats use those stupid portals to have you log in before you connect through their internet, these could be giving you a false positive). Or it could be something genuine.

Be safe.

[Taxmancometh]

I have a built-in SSH server in the router that I tunnel to at WIFI hotspots, plus I uase Comodo firewall which helps block the cache attempts and such.

[Interrupt]

I have a built-in SSH server in the router that I tunnel to at WIFI hotspots, plus I uase Comodo firewall which helps block the cache attempts and such.

Excellent, what type of router is it? I don't think my router is capable of doing that (I doubt any "stock" router would be, I have a crappy Actiontec for my 30/30 optical). I'd love to look into that for myself.

Btw, I wrote up an article on cache poisoning somewhere. But I'll also try to post a bit more about this in my blog at some point (it may be in my FB notes, if so I'll transfer it over for those interested... I refer to those as "Stackbucks Social Exploits" lol).

[Interrupt]

Wrote up a little something on it here: http://www.techimo.com/forum/blogs/m...hijacking.html (in the blog section of my profile if the link doesn't work).

[Taxmancometh]

Excellent, what type of router is it? I don't think my router is capable of doing that (I doubt any "stock" router would be, I have a crappy Actiontec for my 30/30 optical). I'd love to look into that for myself.

Btw, I wrote up an article on cache poisoning somewhere. But I'll also try to post a bit more about this in my blog at some point (it may be in my FB notes, if so I'll transfer it over for those interested... I refer to those as "Stackbucks Social Exploits" lol).

It's a WRT54GL with the firmware DD-WRT installed. www.dd-wrt.com | Unleash Your Router

[MegalosSkylaki]

WOOOPS de DOOOOG

[MegalosSkylaki]

Also you should think twice before using any form of public wi-fi or public internet. Especially in hotels. Either use a VPN to connect back to your home network if you can or start a mobile hotspot to use all your wireless components via a smart phone's 3G CDMA or LTE serve (conserve battery by plugging in, etc... those hotspot creation tools are free on Android, so don't get sucked into paying for the service via your cell provider if you don't have to).

I practice a bit of both... now and then I'll watch the wireless connections just to see who else is logged into the wi-fi. Those public wi-fis are very shady.

MITM attacks/cache exploits/etc. are all very common with public wi-fi.

It could be something simple like a form of authentication which is triggering your security software (consider that most hotels and boats use those stupid portals to have you log in before you connect through their internet, these could be giving you a false positive). Or it could be something genuine.

Be safe.

I've come to the conclusion that it's the Hotel's WiFi Router thats generating all those Security alerts.

That's because I've noticed that the IP address is always the same. Of course if I could find someone here ( at the Hotel) who knows such stuff I could ask what their addy is.

Anyhow, I'm interested in using something other than public Wifi and I've dumped the $50 a month I was paying for a plug in USB gismo and G-service.

Believe it or not, while I have about 8 laptops in various form factors and about a half dozen desktop computers, and 3 cellphones--not one is a smart phone.

I figure to keep my old 1000 minute $50 for all my cells so I never converted to a smart phone which I figure I am smarter than () anyway.

So anyways I can grab some free wifi and avoid all this public crap which I hate and don't trust anyhow? My cells are G-enabled and I don't recall how if at all they use it as I don't have a data plan.

MegalosSkylaki

[Interrupt]

Yeah I kind of figured it was something like that, even still it's always better not to chance it with those darn pesky public wi-fis.

Anyhow, I'm interested in using something other than public Wifi and I've dumped the $50 a month I was paying for a plug in USB gismo and G-service.

Now you're in the same boat as me. There are some better alternatives. From what I know you could use only those SSL-enabled sites to connect (if you are using Firefox as a browser you could install HTTPS Anywhere), but that doesn't solve your dilemma with absolutely being sure your data is safeguarded. So the choices are:

1) Setup your own VPN and proxy for tunneling traffic. Which I've been trying to do and have a headache doing. Best solution is OpenVPN.
2) Purchase one of the VPN services (they are less than what you were paying per month for that other service). Those are like: StrongVPN or ProXPN.
3) Use a network/ARP table monitoring program... maybe someone on the forums can recommend a good one.

There are also other free VPN services much they have traffic limits, etc.

You should get a smartphone!

Maybe someone else has some good solutions which are free.

Edit- Hotspot Shield - CNET Download.com has a free version, toolbar supported, slower than their paid version too. I haven't tried it yet but may be worth checking out.

[Taxmancometh]

I've used Hotspot shield many times before and it works great. I would use it with Firefox and the add-on Adblock though otherwise you will be bombarded with ads.

[Interrupt]

Just started using Hotspot Shield... lol works fine, I mean they say it can be slow but for normal surfing it's good. Plus with the adblock like you said, Tax, I can block all their ads. *Shrugs* lol not bad for free and unlimited data.

Do you know if there's anyway to use Hotspot Shield with IRC? Looks like the IPs are banned on most major IRC networks.
What kind of data do they retain? Do you know by any chance? (IPs or actual data from traffic) Found answer here and here (official privacy policy).

[Taxmancometh]

I forgot to mention that DD-WRT supports Hotspot shield in the router.

[Interrupt]

I forgot to mention that DD-WRT supports Hotspot shield in the router.

That router is amazing. I want one. Birthday coming soon... in April! LOL

[Taxmancometh]

They are only $50.00 on Newegg.