demoninho

What does it mean when somebody is doing a port scan?
My firewall calls it a minor threat the protocol used for the scan is TCP. I'm on a permanent adsl connection.

Here the whois info

edited to remove personal information-Aqua

DarkBronzePlant

Not sure how much you know about ports, but basically, a port is like an address within your computer. Your computer itself has in internet address (an IP address, used by other computers on the internet to locate it.) But also within you conputer, every application that's running that acts like a server also has it's own address. That address is called a "port". So if you are running a Web server, e.g., it is said to be "listening on a port" (typically, most public Web sites run, or listen, on port 80 of the computer they reside on.) A database server might be listening on a different port, a telnet server on yet a different port, etc.

Most computers, even personal computers, have server applications of various kinds running on them for various tasks. So when someone is port scanning, they are targetting a specific computer based on its IP address, and then trying out all of the possible ports on that computer to see if they get any response back,which would indicate that a server application is listening on that port. They can then try to gain access to the computer on any port they find open, usually by trying to exploit a weakness in whatever server application is listening on that port.

Of course, this is done in an automated way, not by someone manually typing into a keyboard.

Almost any internet-enabled computer will get port-scanned during its life. So that's not a huge concern. You just need to make sure that any non-essential server apps aren't running, or that at least your firewall prevents unauthorized access (that's a whole other topic.)

demoninho

Ok thanks, I think I understand.

AquaVita

Hey demoninho, I've removed some of the more sensitive information in your post. It's sort of like posting someone's home adress. It is probably just a legitmate request from whoever did the scan, and i'd hate for someone to acquire their IP address and other information and use it for the wrong reasons.

Hope you understand! No biggie.

voltaire321

DarkBronzePlant gave an excellent explanation of ports, however for anyone that didn't get it I always use this analogy when explaining ports:

All computers on the internet have an IP address, this is how other computers contact them. You can think of IP addresses as phone numbers. If you want to talk to a specific computer all you have to do is dial it's IP address (figuratively, you can't dial an IP address with a telephone.)

If IP address are phone numbers, then you can think of ports as extensions. If you dial a company's main number you may very well get an automated answer asking which extenstion you want. Ports act similarly. When connecting to a computer you must specify a port as well as an IP address (although most well known programs, such as web browsers, e-mail clients, ftp clients, etc. use standard port numbers, so they don't ask you to specify one manually.)

So, doing a port scan is analogous to calling every phone extension at a company to see who answers. Most extensions won't answer, but some will ( at least on a machine without a firewall.) Once a port scan has been done then the scanner can determine if any of the ports that answered are running programs that are vulnerable to hacking. If you are running a firewall then most likely your vulnerable ports are protected.

demoninho

No,problems but usually I just have 4 programs running with access to the internet: opera, msn/yahoo/windows messengers, I had a port scan once before when I was using eyeball chat messenger and tracing the IP it turned out to be my friend (whose computer I was scanning) but I sure don't know anyone in Russia.


Anyway thanks for the explanation, there might be a future for me in the IT yet