probing my firewall
last night i noticed that there was a little more activity than usual on my firewall. i took a look at the logs and saw that someone was doing a portscan on me — first a distributed portscan, then a decoy portscan. i deliberately erased the reported ip address in the screenshot below because it may be a spoofed address and therefore innocent of the portscan.

ok, first a little refresher. if you’re connected to the internet, an ip address is assigned to your computer. a portscan is when another computer on the internet looks for open ports (think of them as doors) on your computer. a distributed portscan is when two or more computers on the internet look for open ports on your computer. this type of scan happens all the time on the internet. what’s new to me is the decoy portscan. this is usually a prelude to a hacking attempt.
so, you have an ip address, 123.123.123.123 for example, and the computer doing the scanning is, for example, 234.234.234.234. you obviously can see their address and block it. in a decoy portscan, they hide their actual ip address from you by using another ip address. this is called spoofing an ip address.
what can you do about it? nothing much except to block the address. if you have a firewall then it should be able to detect the scan and block the address automatically. a good firewall will also tell you what type of portscan it is.
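here is a rough sketch of how a log reader could tell the three scan types apart. it is an added example, not smoothwall's own detection code: the iptables-style log lines are constructed, the addresses are documentation ranges, and the `min_ports` threshold and the labelling rules are assumptions.

```python
import re
from collections import defaultdict

# pulls source, destination and destination port out of an iptables-style LOG line
LINE = re.compile(r"SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

def classify(lines, min_ports=5):
    """label each destination: no scan, portscan, distributed or decoy.
    min_ports is an assumed threshold; lines are assumed to share one short time window."""
    seen = defaultdict(lambda: defaultdict(set))   # dst -> src -> ports probed
    for line in lines:
        m = LINE.search(line)
        if m:
            seen[m.group(2)][m.group(1)].add(int(m.group(3)))
    labels = {}
    for dst, by_src in seen.items():
        all_ports = set().union(*by_src.values())
        if len(all_ports) < min_ports:
            labels[dst] = "no scan"                 # too few ports to call it a scan
        elif len(by_src) == 1:
            labels[dst] = "portscan"                # one source walking many ports
        elif all(p == all_ports for p in by_src.values()):
            # every source probed the identical port set: one scanner hiding among
            # spoofed addresses. the log alone cannot say which address is real.
            labels[dst] = "decoy portscan"
        else:
            labels[dst] = "distributed portscan"    # sources split the ports between them
    return labels

def _log(src, dst, port):
    # constructed log line, not captured traffic
    return (f"IN=eth0 OUT= SRC={src} DST={dst} LEN=60 TTL=52 "
            f"PROTO=TCP SPT=40000 DPT={port} SYN")

PORTS = [21, 22, 23, 25, 80, 443]
DECOYS = ("198.51.100.7", "203.0.113.9", "203.0.113.44")
SAMPLE = (
    [_log("198.51.100.7", "192.0.2.10", p) for p in PORTS]
    + [_log("198.51.100.7", "192.0.2.20", p) for p in PORTS[:3]]
    + [_log("203.0.113.9", "192.0.2.20", p) for p in PORTS[3:]]
    + [_log(s, "192.0.2.30", p) for s in DECOYS for p in PORTS]
    + [_log("198.51.100.7", "192.0.2.40", 443)]
)

if __name__ == "__main__":
    for dst, label in classify(SAMPLE).items():
        print(dst, label)
```
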
i actually found it excitingly fun! automated or not, someone actually tried to bite me. ha! i wasn’t alarmed by it because i’m running smoothwall — a linux-based firewall — on a separate computer (an old p2) and it stands between me and the internet. it’s set up not to allow anything uninvited from the internet. all ports closed so nothing is coming in that i didn’t initiate.
