macnn scanning ports on my computer
Fresh-Faced Recruit
Join Date: Dec 2001
Location: switzerland
i've been a macnn reader for far far longer than i've been a member of the forums and i really enjoy the site, i recently got a firewall program by intego to add an extra level of protection to my LAN. a couple of days later i notice that out of all the thousands of sites that i visit there is one that just will not load, my safari Homepage site (macnn.com). after about two weeks of not being able to read my favorite site i realize that NetBarrier has blocked two IPs (216.22.45.41 and 42) from macnn for attempting to scan ports on my computer.
i'm no expert but according to my definition (A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.)
now why on earth would macnn be scanning my ports?!?
are they scanning yours too?
thoughts anyone.
i'd hate to block the site since i enjoy so much reading it...
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Fresh-Faced Recruit
Join Date: Dec 2001
Location: switzerland
Originally posted by starman:
Which ports?
all i guess, as i said i'm no expert and all NetBarrier tells me is (This address was put in the stop list because it tried a scan port on your computer.)
why, does it make a difference?
Mac Elite
Join Date: Dec 2003
Originally posted by line:
why, does it make a difference?
Well, sorta. It shouldn't be scanning any ports, but it wouldn't hurt to know which ones it did scan.
Posting Junkie
Join Date: Oct 2001
Location: South of the Mason-Dixon line
Maybe it's just trying to block 'Avenue A' and 'Doubleclick' - and whatever other (questionable) advertising ploys MacNN agreed to let them do.
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
How do you know NetBarrier isn't lying?
The Lord said 'Peter, I can see your house from here.'
Fresh-Faced Recruit
Join Date: Dec 2001
Location: switzerland
Originally posted by ReggieX:
How do you know NetBarrier isn't lying?
what are the odds that netbarrier selects two random IPs on two different days aug.4th and aug 20th that turn out to come from the same host?
the explanation of questionable advertisement practices as Spliffdaddy mentioned is what i believe it could be, and what would bother me the most if it turned out to be the case.
Professional Poster
Join Date: Oct 2001
Location: PA
Originally posted by line:
thoughts anyone.
i'd hate to block the site since i enjoy so much reading it...
If you think it's the doubleclick ads, you could edit your hosts file to stop the ads from loading and see if that makes a difference or not.
Fresh-Faced Recruit
Join Date: Dec 2001
Location: switzerland
Originally posted by ringo:
If you think it's the doubleclick ads, you could edit your hosts file to stop the ads from loading and see if that makes a difference or not.
i would, but i have no idea how to block only the ads... and as i said when i block either or both of the IPs the site won't load, any advice
Mac Elite
Join Date: Aug 2002
Location: Kyoto, Japan
Add lines like this to your /etc/hosts file as root:
xxx.xxx.xxx.xxx 127.0.0.1
Where xxx.xxx.xxx.xxx is the IP you want to block.
Fresh-Faced Recruit
Join Date: Dec 2001
Location: switzerland
Originally posted by Scifience:
Add lines like this to your /etc/hosts file as root:
xxx.xxx.xxx.xxx 127.0.0.1
Where xxx.xxx.xxx.xxx is the IP you want to block.
i appreciate your intentions but i must stress i'm no expert on this matter (basically meaning i can't do unix, i don't know how to log on as root and i don't feel very confident modifying the host file or any other system file if not through a shelled application).
also, some of the computers of the network are running multi-user and in such a case host info is managed through lookupd, which gets information from NetInfo, so /etc/hosts will not be consulted unless i have changed lookupd's configuration. I don't think i really want to know how that is done...
in all truth i was hoping not for a technical but for a more political solution to this problem such as lobbying for macnn's advertisers to rethink their practices.
Does it make any sense?
Fresh-Faced Recruit
Join Date: Dec 2001
Location: switzerland
ok now, no one up for the political solution so let's get technical, can somebody please tell me an easy way to block port scans from macnn's advertisers without blocking the entire site?
Mac Elite
Join Date: Oct 2000
Location: Amboy Navada, Canadia.
Use a reliable, preferably noncommercial firewall. Try IPFW (you need unix), get a NAT router, or turn on IPFW via the easy config in the Sharing pane of System Preferences. If you're on OS 9, ISTR only Netbarrier and IPNetFilter.
It's probably harmless, especially if you have nothing open on those ports. Try going to grc.com and use ShieldsUp, and see what you're open to. Some say Gibson is full of it, I tend to think he's more of a promoter of security awareness than one who knows all about security issues.
This insanity brought to you by:
The French CBC, driving antenna users mad since 1937.
Mac Enthusiast
Join Date: Sep 2000
Location: AB, Canada
My system seems to be scanned while the ADSL connection is live. The most common ports showing up in the system log for my NAT router appear to be UDP 1026, TCP 80, TCP 135, TCP 445, TCP 2745. I have no idea what functions these ports are for.
Here is a small sampling of what my NAT router has been blocking for my system.
Tue Aug 24 17:51:56 2004 Unrecognized attempt blocked from 142.59.191.183:3191 to TCP port 445
Tue Aug 24 17:51:58 2004 Unrecognized attempt blocked from 142.59.29.105:3138 to TCP port 135
Tue Aug 24 17:52:01 2004 Unrecognized attempt blocked from 142.59.29.105:3138 to TCP port 135
Tue Aug 24 17:53:35 2004 Unrecognized attempt blocked from 81.168.131.34:3206 to TCP port 445
Tue Aug 24 17:53:38 2004 Unrecognized attempt blocked from 81.168.131.34:3206 to TCP port 445
Tue Aug 24 17:53:44 2004 Unrecognized attempt blocked from 81.168.131.34:3206 to TCP port 445
Tue Aug 24 17:53:48 2004 Unrecognized attempt blocked from 67.98.30.240:7092 to UDP port 1026
Tue Aug 24 17:53:54 2004 Unrecognized attempt blocked from 216.134.83.57:17906 to UDP port 1026
As a man comes, so he departs.
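An added example, not part of the original post or thread: a short Python triage of router log lines in the format quoted above, showing why "which ports?" matters. It separates a source that sweeps many distinct destination ports from one that keeps retrying a single service; the 192.0.2.10 entries and the `scan_threshold` cut-off are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# First seven lines are copied from the router log in the post above; the
# 192.0.2.10 lines are constructed here to show what a real sweep looks like.
SAMPLE_LOG = """\
Tue Aug 24 17:51:56 2004 Unrecognized attempt blocked from 142.59.191.183:3191 to TCP port 445
Tue Aug 24 17:51:58 2004 Unrecognized attempt blocked from 142.59.29.105:3138 to TCP port 135
Tue Aug 24 17:52:01 2004 Unrecognized attempt blocked from 142.59.29.105:3138 to TCP port 135
Tue Aug 24 17:53:35 2004 Unrecognized attempt blocked from 81.168.131.34:3206 to TCP port 445
Tue Aug 24 17:53:38 2004 Unrecognized attempt blocked from 81.168.131.34:3206 to TCP port 445
Tue Aug 24 17:53:44 2004 Unrecognized attempt blocked from 81.168.131.34:3206 to TCP port 445
Tue Aug 24 17:53:48 2004 Unrecognized attempt blocked from 67.98.30.240:7092 to UDP port 1026
Tue Aug 24 17:54:01 2004 Unrecognized attempt blocked from 192.0.2.10:40001 to TCP port 21
Tue Aug 24 17:54:01 2004 Unrecognized attempt blocked from 192.0.2.10:40002 to TCP port 22
Tue Aug 24 17:54:01 2004 Unrecognized attempt blocked from 192.0.2.10:40003 to TCP port 23
Tue Aug 24 17:54:02 2004 Unrecognized attempt blocked from 192.0.2.10:40004 to TCP port 25
Tue Aug 24 17:54:02 2004 Unrecognized attempt blocked from 192.0.2.10:40005 to TCP port 80
"""

LINE_RE = re.compile(
    r"blocked from (\d{1,3}(?:\.\d{1,3}){3}):(\d+) to (TCP|UDP) port (\d+)")

def parse(log):
    """Yield (src_ip, src_port, proto, dst_port) for each blocked attempt."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:  # skip lines that are not in the router's format
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def classify(log, scan_threshold=5):
    """Return {src_ip: (verdict, sorted dst ports, retries)}."""
    # scan_threshold is an assumed cut-off for distinct destination ports.
    ports, flows, hits = defaultdict(set), defaultdict(set), defaultdict(int)
    for src, sport, proto, dport in parse(log):
        ports[src].add((proto, dport))
        flows[src].add((sport, proto, dport))
        hits[src] += 1
    report = {}
    for src in ports:
        verdict = ("port scan" if len(ports[src]) >= scan_threshold
                   else "single-service probe")
        # Same source port to the same destination port is one connection
        # attempt being retried, not a new probe.
        retries = hits[src] - len(flows[src])
        report[src] = (verdict, sorted(ports[src]), retries)
    return report

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

On the lines taken from the post, every source touches exactly one destination port, and the repeated entries reuse the same source port, so they count as retries of one attempt rather than a sweep.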
Senior User
Join Date: Nov 2000
Unless you can tell us the ACTUAL complete message, including all details that Netbarrier is giving you, nobody can really help you. Port numbers would be especially useful.
- proton
Moderator Emeritus
Join Date: Apr 2001
Location: Fort Lauderdale, FL
i've got no wisdom for ya, but i'd suggest posting in the 'feedback'(whatever it's called) forum if you want to hear something from the mods or whoever.
eh
ice