Yahoo & BT Scanning Ports? Firewall?

  TonyThePM 19:39 13 Feb 04
Locked

Hi Folks,

Using XP, BTYahoo Broadband and McAfee firewall. I get repeated port scan attack warnings from the firewall. The IP source addresses concerned are:

217.32.108.165
and a range 193.108.93.*

From what I´ve been able to sort out, the first is a BT.COM address, and the second is the ad servers used by Yahoo. Blocking either address at the firewall causes major slowdowns in web browsing waiting for items to time out etc, and items such as ads etc fail to appear in Yahoos pages etc.

I´ve checked for virus and spyware etc and am confident the system is clean.

So my question is, why would BT and Yahoo appear to be doing port scans?
TIA
ps I´m not really the PM and I´m not looking for weapons of mass destruction..... ;-)

  johnnyrocker 19:44 13 Feb 04

depends on your set up but most isp's use heartbeat pulses to their equipment in the home as identification, the bt addy bit might be a bit misleading as you could be being scanned by any bt cust via their servers if that makes any sense or someone might be able to polish it up a bit;)

johnny.

  GANDALF <|:-)> 19:57 13 Feb 04

You will NOT get hacked on a home computer. Hackers are not interested in the utter drivel that is on mine and everyone else's

Firewalls are useful in stopping Trojans dialling out but to be honest, if someone wanted to put a dialler on a computer, it would not be rocket science. There are at least 5 programmes that can by-pass firewalls, 'TooLeaky' having the Gibsonmeisters' grudgingly awarded seal of entry. The Cult of the Dead Cows' Back Orifice, cheekily named after Microsoft's' Back Office, could easily be put on a target computer, if one was really trying and the firewall would still be asleep dreaming of bytes.

However, like my computer, most home computers contain utter drivel which is important to the owner but naff all use to the great unwashed. Bank and credit card details can be culled much easier than rooting through turgid files on a home computer. Hacking is NOT about breaking into home computers, it is about getting onto networks using passwords.

The 'alerts/attacks' are merely computers on the net asking your computer if it is still connected; these queries are called 'handshakes'. When you are connected to the net you could be going through many servers and routers. This occurs in a millisecond, so you do not notice. All these routers and servers need to know that your computer is receiving, so that they can send images and WebPages to your IP, which is in effect, your mailbox or receiving station. When on the Net you can pass through more than 20 servers and routers and they could all be handshaking your computer at short intervals. You will notice many of the 'alerts' come from Telecoms, which should come as no surprise as they own most of the routers etc. It is also interesting and miraculous that the 'alerts' disappear when you pay for the *ahem* Pro-Version of a firewall (see Zonealarm;-) ).

If you were being hacked, I can assure you that you would not get an alert.

Turn off all the alert buttons/warnings on your firewall safe in the knowledge that you will not be hacked.

G

  TonyThePM 20:03 13 Feb 04

Thanks Johnny. I agree with you there is no guarantee the BT address means the attack comes from there. The idea of a heartbeat pulse is interesting, but why would the ISP need to scan the ports? After all, I "originate" the connection using a BT provided software component, so surely there wouldn´t be a need to scan ports from the outside world? The connection software should be able to simply establish a working port?

The Yahoo ad servers remain a mystery, and I´m very, very sceptical. Interested to hear if anyone else is getting similar messages.

I´ve reported the incidents to both BT and Yahoo, but silence appears to be golden.....

  TonyThePM 20:20 13 Feb 04

Hi Gandalf,

Thanks for taking the time to reply. I agree with a large part of your response, but port scanning is the point at which we would start to disagree. You´ve only to consider the MyDoom type scenario to realise there are more reasons for finding backdoors to personal computers than bank and credit card details. Even so, I prefer to keep mine as secret as poss :-)

I´m satisfied that my systems are as reasonably protected as make sense. Just disatisfied that I don´t understand why apparently reputable companies such as BT and Yahoo appear to employ port scanning. I´m not suggesting that either company would be doing a MyDoom of course, but it might be one way of nobbling the competition (just kidding)

Cheers

Home computers are sometimes also used for DOS attacks.

  GANDALF <|:-)> 11:36 14 Feb 04

'Home computers are sometimes also used for DOS attacks'...you have proof of this?

'I don´t understand why apparently reputable companies such as BT and Yahoo appear to employ port scanning'....they use a 'form' of port scanning to ensure that your IP is still alive. When you request a web page the information, pictures, flash etc., have to be directed to an address, aka your IP address. Your IP address will be scanned continuously to ensure that it is still alive and not disconnected. It is called 'handshaking' in the trade.

A very cynical person would say that certain firewall companies use this scanning to show as 'alerts' and show the purchaser that the firewall is doing it's job....eyes raise. Most of the scare stories of hackers taking over home computers are utter cobblers; if they were going to attack a network they would not use unsecured computers and it is much easier to get onto a network using backdoor passwords and 'slip-in' methods, that are anonymous.

There are much easier ways of getting bank and CC details and as I have said before anyone that thinks their computer contains anything of interest to a hacker has an over-inflated sense of their own importance.



G

If I interpret your comments correctly,do you consider a Firewall for home users a waste of time?If so this does appear to fly in the face of most printed comment, including the fact that home computers can and are used for DOS attacks.Think about it, the only other source for DOS attacks are commercial computers which are usually very well protected; or do you hold the view that the majority of companies don't use some form of firewall.

  GANDALF <|:-)> 12:25 14 Feb 04

'including the fact that home computers can and are used for DOS attacks'...again, proof please. Hacking is about passwords, DOS attacks are so 1980. If you are referring to DNS attacks, a firewall is a much use as a chocolate teapot. ZA was recently brought down by a DNS attack and on would assume that the barking Steve Gibson had paid his subs for ZA Pro.

I have not used a firewall for over a year (there have been at least two long threads about this) as have some other people on this forum and elsewhere. I would not recommend that a home user, with little experience bins the firewall and I always recommend Outpost. However I still await any proof that a home computer has been hacked. Trojans can get past firewalls ;-)) As I keep saying my comments are not directed at Networks (as this is not a network forum but a home user forum).

Companies do use firewalls but hacking is about passwords...I assume that the North American Missile Defence computers had a firewall better than the trashily advertised ZA....didn't take a 17yr old hacker long to get into that and 150 other secure sites.

As I have said many times before there is a lot of cobblers and paranoia written about hacking and home computer 'security'. People need to take a step back to reality.

G

  TonyThePM 22:50 15 Feb 04

Gandalf,

"Dos attacks are so 1980" Try telling that to SCO and MS. The recent MyDoom outbreak was a clear attempt to use home computers as the delivery mechanism for a DOS attack. Seems very much 2004 to me :)

Cheers

  GANDALF <|:-)> 23:36 15 Feb 04

It was a virus that caused MyDoom and NO firewall would have stopped it. It was a simple email programme that was intended to flood their servers...which it did.

G

This thread is now locked and can not be replied to.

What is ransomware and how do I protect my PC from WannaCry?

Disney layout supervisor Rob Dressel on the challenges of visualising Moana

Siri vs Google Assistant