Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

contoursvt

macrumors 6502a
Original poster
Jul 22, 2005
832
0
...or at least this is what I see in my firewall logs often (there are hundreds of these)


10/03/2009 12:53:15.288 - Possible Port Scan - Source:74.86.98.223, 56025, WAN

10/03/2009 13:42:59.176 - Possible Port Scan - Source:74.86.98.223, 56025, WAN

10/03/2009 13:59:19.320 - Possible Port Scan - Source:74.86.98.223, 56025, WAN

10/03/2009 20:15:21.400 - Probable Port Scan - Source:74.86.98.223, 56025, WAN

10/04/2009 02:12:49.848 - Ini Killer Attack Dropped - Source:74.86.98.223, 56025, WAN

10/04/2009 02:18:28.304 - Probable Port Scan - Source:74.86.98.223, 56025, WAN


So I did a trace route and it goes back to a place called softlayer.com

I did a port scan back to see if I could identify at least what was doing this and I found a terminal services port open. If I connect to that IP, I get greeted by a windows server 2003 R2 box.

Whats my best course of action at this point? I initially thought of releasing and renewing my IP from my ISP but it keeps giving me the same IP back. Should I just give them a call?

Any suggestions welcome
 

electroshock

macrumors 6502a
Sep 7, 2009
641
0
For starters, make sure you're blocking anything from that IP (or even subnet if so inclined). Beyond that, unless they're actually doing damage or interfering with your service or bandwidth, not really much of a point to calling them or the ISP. Too many bigger fish to fry and not enough time/resources and all that jazz.

Port scans by themselves aren't harmful, especially if all of your doors and windows are locked and properly secured. It's just a wannabe burglar jiggling the locks to see if something has been left open.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.