I have been accused of "port scanning" by Road Runner

In the letter I received this afternoon, it describes port scanning as an attempt to look into other computers to see if you can remotely access them. The complaints they received were traced to my IP address.

I **do not** know how to “port scan” nor would I want to “port scan” now that I know to a certain extent what it actually is.

Could others be using my IP address without my knowledge?

How do I stop this? I will not tell my husband, he is extremely paranoid and prone to anxiety attacks. I’d like to do something about this before I am excommunicated from the Road Runner family.

Download and run Adaware and Spybot. Both of these can detect and remove spyware, including trojans that might attempt to use your computer for port scanning or other tasks.

You might also install a good virus scanner, such as AVG, available from grisoft.com. If you call RoadRunner tech support, they too should be able to help you.

And last, but not least, install a firewall, such as the free Zone Alarm.

To add to what QED said. Also run antivirus. Several viruses scan other computers looking for a way to infect (IE code red / code blue).

Just curious, does the letter say how they found out you were port scanning? Did someone complain, or did they sniff their own network, and see it? I port scan systems for friends to confirm their systems are locked down with their permission. Would hate to lose my cable modem because of it. Also there are several legitimate uses of a port scan.

Wouldn’t you have a dynamic IP address? It may not even be you. I didn’t think they could trace people to that degree when dynamic IPs were in play.

They know who has what IPs and when, even with dynamic IPs.

I second AdAware and ZoneAlarm. Both are free, and extremely useful.

Thanks to everyone for the suggestions!

To answer CharlesW the letter states “We have received multiple complaints of port scanning originating from your computer. After reviewing the complaint, we have verified that the IP address in question was associated with your road runner account at that time”
and
GuanoLad what do you mean by dynamic IP address?

Sorry for my lack of knowledge in this area, guys.

Check out:

Quick and free Online Trojan Scan

Someone may have gained access to your system through a trojan and is using it to port-scan others. This is bad. Try the link above and post your results, if any.

Another thing to do that hasn’t been mentioned yet is to go to Microsoft’s website or use the “Windows Update” feature to install all the critical security updates. This is assuming that you run Windows and IE.

im2evil4u, with a dial-up account, every time you log in to your ISP you are assigned an IP address. This address changes every time you log in, thus it is a “dynamic” IP.

With broadband connections (“always on!”) your IP address is static - and thus while you sleep every night some hacker could be pinging IP addresses until he finds yours. Of course this would also be true if you left your dial-up connection established 24/7, but as soon as you disconnect (either by choice or by accident) you would be reassigned a new IP address the next time around. What GuanoLad was suggesting was that if you had a different IP every time you signed in, how could they trace it to you? Revtim said that the ISPs track every IP you are assigned, every time. I don’t know for sure, but it doesn’t seem like it would be that hard to do.

I would run AdAware now to see if you have any trojans or spyware on your machine. Then install ZoneAlarm and do periodic (weekly) virus scans.

Good luck with RoadRunner!

>> Quick and free Online Trojan Scan

That site does not look at all reliable to me. First off they detected the wrong IP address. Then they say you cannot be running a firewall and some other similar reservation like that. Frankly, it looks like crap.

I believe any regular virus scan will detect trojans anyway. Try these which are free:
http://www.pandasoftware.com/activescan/com/
http://www.pcpitstop.com/antivirus/default.asp

This isn’t quite correct. Most broadband connections are also DHCP (the “D” is for “Dynamic”), meaning that when your computer wakes up on the network, it asks the DHCP server for an IP address. This is opposed to getting a fixed address that’s always yours. The difference is that with an always-on connection, you’ll usually keep the same address for a longer period of time.

Back when I had DSL (going back to dial-up two years ago was painful), the ISP made me pay extra for a static IP address, in order to use my company’s VPN. I know, these two don’t seem related, but their service didn’t work with VPNs unless you sprang for the bucks to get static IP.

I cannot find it now, but I believe that I had a stat showing that only about 5% of broadband accounts in the US in the “basic package” were static IP. Regardless of whether it’s static or not, this is somewhat unrelated to a hacker trying to access broadband accounts. It’s the “always on” aspect that makes people more vulnerable, along with the not running any sort of hardware or (if you really must) software firewall.

Port scanning is very useful from a diagnostic standpoint, and is also a great deterrent from a “fighting back” standpoint as well. A useful use of it is sweeping the networks at work to find out who is running web servers without permission. A deterrent use of it is when people try hacking my servers, I start scanning them back hard to see what is up and give them a warning that “I know what you are doing”. I did it once to Fierra’s computer whilst on the phone with her, as an experiment - ZoneAlarm went absolutely apeshit, and essentially said she was under “massive attack”.

Whether or not it is “illegal” to port scan without permission (let’s be clear on that - port scanning with permission on both sides is not illegal, despite the FUD spread by the quasi-computer literate) is murky. If you are simply seeing if ports are alive, then that really cannot be “effectively” made illegal, since that’s a basic aspect of having a TCP/IP connection. If you are scanning ports to try to find holes or access points, then that can be illegal depending on the jurisdictions involved, but proving that you were trying to do it for nefarious purposes would be hard. Now, scanning for open ports and then trying to get in without permission would be (in most jurisdictions) illegal.

In any event, all of the above may or may not be a violation of the TOS of Road Runner. I would send them a letter back, or call them and say you have no freaking idea why your PC would be doing that, and it’s not by your direction or control, and maybe if they would provide some more information such as what IP addresses you were reputedly scanning, the times and dates, what ports you were scanning, how many sweeps/minute, etc. then you could diagnose the problem better. Otherwise, if they are going to withhold that information, then maybe they really don’t know for certain it’s you in the first place.
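The details the last post suggests asking Road Runner for (which addresses were scanned, the times and dates, which ports, how many probes per minute) are what a network operator would extract from connection logs. As an added example that is not part of any post in this thread, the Python below builds that summary per source address; the log format, the addresses and the `min_targets` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records in a made-up firewall log format (not from the thread).
SAMPLE_LOG = """\
2003-05-12T02:14:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=135 SYN
2003-05-12T02:14:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=139 SYN
2003-05-12T02:14:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=445 SYN
2003-05-12T02:14:03 SRC=198.51.100.7 DST=192.0.2.11 DPT=135 SYN
2003-05-12T02:14:04 SRC=198.51.100.7 DST=192.0.2.11 DPT=139 SYN
2003-05-12T02:14:30 SRC=198.51.100.7 DST=192.0.2.11 DPT=445 SYN
2003-05-12T02:15:10 SRC=203.0.113.4 DST=192.0.2.10 DPT=80 SYN
2003-05-12T02:16:40 SRC=203.0.113.4 DST=192.0.2.10 DPT=80 SYN
garbage line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) SYN$")

def summarize_scans(log_text, min_targets=5):
    """Group SYN probes by source and report the facts a complaint should state."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed records rather than guessing
        ts, src, dst, port = m.groups()
        probes[src].append((datetime.fromisoformat(ts), dst, int(port)))

    report = {}
    for src, events in probes.items():
        events.sort()
        targets = {(dst, port) for _, dst, port in events}
        first, last = events[0][0], events[-1][0]
        # Floor the window at one second so a single probe does not divide by zero.
        minutes = max((last - first).total_seconds() / 60.0, 1 / 60.0)
        report[src] = {
            "first_seen": first, "last_seen": last,
            "hosts": sorted({dst for _, dst, _ in events}),
            "ports": sorted({port for _, _, port in events}),
            "probes_per_minute": round(len(events) / minutes, 1),
            # Many distinct host/port pairs looks like a sweep; repeats to one service do not.
            "looks_like_scan": len(targets) >= min_targets,
        }
    return report
```

A report like this, with timestamps that can be matched against when the subscriber's machine was switched on, is what lets an accused customer check whether the traffic really came from their PC.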