Portscan

[apne]

my anti-virus blocked a 'portscan' a couple of times. it says an intrusion attempt by ip was blocked. the ip adress is that of my service provider. anybody got any info on what portscan is? and what it got to do with your service provider?

[SATORi]

Ok, I'll try to not get too technical --

Your computer just like students in a class..."listen" for the recess bell which they respond to automatically by rushing out and alerting everyone that they are now done with the class and are headed out to play with everyone else in the court or carry out their usual activities; your computer, too has ports which do the same thing, listen and respond in some cases.

A port is a place where information is sent and received using the internet protocol, TCP/IP. Think of it as a sea-port sending and receiving goods. there are 65535 ports avaiable over the TCP/IP. Now, there are well known ports which a client program (locally installed on your machine) uses all the time, on all the pc's worldwide. For example, the common, port 80 is for the HTTP service, which you might be familiar with, thus it is also not provided in the URL you might type in into your web-browser's address bar. Example: http://www.google.com:80 -- Port 80 has been assigned or allocated by the Internet Assigned Numbers Authority, IANA. So port 80 has been pre-assianged to the Hypertext Transfer Protocol and knows it's purpose. Ok so you now might understand what a port is and that there are common ports pre-assianged by the IANA.

Here as are some Ports which are very common --

7 - echo

9 - Discard

11 - Systat

13 - Daytime

15 - Netstat

17 - Qotd

18 - Send/rwp

19 - Chargen

21 - FTP (File Transfer Protocol)

22 - SSH (Secure Shell)

23 - Telnet

25 - Send Mail Transfer Protocoll (SMTP)

43 - Whois

53 - DNS (Domain Name Service)

80 - HyperText Transfer Protocol (HTTP)

110 - POP3 (Post Office Protocol, v3)

115 - SFTP (Secure FTP)

etc... the list goes on.

A portscan is when someone scans a computer's ports to check which ports are open(listening), closed, or blocked.

Messages or bits of information is sent to the computer and a response is awaited, the kind of respond received reveals information about that specific port(s) -- whether the port is used and perhaps, how it can be exploited.

The result of a scan on a port is usually generalized into one of three categories:

* Open or Accepted: The host sent a reply indicating that a service is listening on the port.

* Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.

* Filtered, Dropped or Blocked: There was no reply from the host.

Ports which are presented as open or listening, will might bring a suggestion to the person scanning the computer, that is, vulnerability. Though, it depends on the different services and applications running on the PC and the default services which the Operating System uses.

Your ISP could be carrying out regular routines of the portscans on it's range of IP addresses to ensure that there are no vulnerable open ports which can be exploited, or a service running on a port which can be exploited.

You could contact your ISP and tell them about the blocked port scans and ask them if it's anything serious on their side, but I suppose it's some routine check. Though, it's a good thing your firewall is still attentive and blocked such scans.

[apne]

Thanks! :a+