local hacking?

[brian]

ok. so at my company, we sub-lease our internet and building. This other company is see that some one is doing a port hack. i forget what it is called like u something. but it is a port hack. i think it is a bug on someones computer but we cant tell. is there some free software that can scan the internet and check where it is coming from? like the ip or mac address? it is from inside our company so the firewall does not catch it. have any suggestions

 

[INTELCRAZY]

ok. so at my company, we sub-lease our internet and building. This other company is see that some one is doing a port hack. i forget what it is called like u something. but it is a port hack. i think it is a bug on someones computer but we cant tell. is there some free software that can scan the internet and check where it is coming from? like the ip or mac address? it is from inside our company so the firewall does not catch it. have any suggestions

Block the port....

 

[brian]

well we think all are blocked. well i think. but it is scanning our ports to see if any are open

 

[INTELCRAZY]

well we think all are blocked. well i think. but it is scanning our ports to see if any are open

How many machines are on this network?

 

[brian]

about 30

 

[Vista]

You can find free scanners for your ports on-line. Just google them.

 

[INTELCRAZY]

about 30

XP, Vista, etc?

If I were you I would just put in a nice firewall and not allow anything to go out or in unless it's like Internet, etc. Find out what ports you guys use...

 

[brian]

well the problem is not our firewall presay. it is more local. so i dont think it is sending out but it is localy searching so no firewall can pick it up. and it is mixed. we have all linux, mac, xp and vista

 

[INTELCRAZY]

well the problem is not our firewall presay. it is more local. so i dont think it is sending out but it is localy searching so no firewall can pick it up. and it is mixed. we have all linux, mac, xp and vista

Ooh, I dunno then, wow... You're gonna need someone way better than me for this...

 

[hermeslyre]

I'm not any better, but Q, Someone inside the network is port scanning the host computer for any signs of unblocked, open ports? What you should do is.. put up a notice saying that you've noticed it, and would like the person to stop. If you want to know who it is, check the firewall logs for the clients private IP address (192.168.1.220 etc) and figure out which computer is assigned that local IP address.

If I got you wrong and you meant the port scan is coming from outside the network, I don't think you should worry; port scanning is very common, it happens to everyone. Whether purposely or not. Even DoD and FBI servers will port scan the net on a continual basis, Most of them are knowingly infected, and are being remotely controlled from china. If I still didn't answer your Q.. I dunno, lol.

 

[brian]

yeah it is comming from in our own network, also we dont know if a person is doing it on perpous or if it is some virus. Also someone was using some network monitering software (if you know of any it would be nice to make sure they are correct) but it scans the network for stuff and it saw the port hack going out. not sure to which computer or what, they just happen to see it. also thanks intelcrazy for trying

 

[hermeslyre]

The best. Ever. Is net tools 5.

http://users.pandora.be/ahmadi/nettools.htm

It has hundreds of useful net tools. It free too. ZOMG. Start < exterior tools < internet tools < network protocol analyzer would be just one of the tools you can use to monitor all traffic/connections.

 

[d14n]

hi...

sorry....actually i dont give a solution at all....hheeh.....newbie...i juts want to know how to check the firewall logs for the client ip address and figure out which pc?

tq

 

[Camper]

Is it a cisco pix firewall?

 

[brian]

yes it is

 

[Camper]

Do you know the source PC thats doing the Scan?
Is the PC scanning all the Network Devices on the network?
You can use a syslog server to display your firewalls logging on your PC.

 

[M0LD0V4N]

I know what the person scanning for open ports is trying to do or he must be trying to check if you are online...you cant block the guy because its on your own network Oh and -Net Tools 5- is almost illegal due to porgrams on it.

Just a warning if that guy has found an open port make sure your Remote Desktop Is Disabled he might gain control of your computer.

 

[hermeslyre]

Really? I actually did notice some, um, weird programs on it. Well at least it's just "almost illegal"

 

[M0LD0V4N]

I know this because you can use Net Tools 5 to search for open ports then Connect to the Computer through the found open ports and then Send a Virus Script that will be enabled as soon as it reaches the Host/Computer.

 

[tlarkin]

You should probably give this over to your system administrator rather than try to figure it out yourself. That way it can be addressed sooner rather than later.

So, if I hear you right, you are saying that someone locally is scanning ports on your internal network? Port scanners are typically called 'sniffers' and they basically sniff around the network looking for what ports are open. A very commonly and powerful one that is used a lot is nmap.

Also depending on what ports you have open depends on what you need to do. I assume you need port 80 for internet, and possibly ports for whatever VPN software you are running, plus if you offer ssh, email, FTP, etc, those ports are open as well.

If you want to audit your network to see what is going on I would suggest starting here:

http://www.remote-exploit.org/backtrack.html