Port Scanning

Discussion in 'macOS' started by rochow, Feb 17, 2014.

  1. rochow macrumors member

    Joined:
    Aug 20, 2013
    #1
    I've got a website I keep getting banned from because of "port scanning".
    I'm on normal home internet, no proxy.

    Would there a reason?

    Maverick, Safari 7.0.1. Active extensions are AdBlock, ySlow, hoverzoom.

    I have avast installed, pretty sure computer is clean in general (I download safely online, but that's not to say people sending me files haven't been downloading rubbish and got their computer infected).

    Any ideas?

    Code:
    ===========================================
    Sample of block hits:
    LEN=52 TOS=0x00 PREC=0x00 TTL=38 ID=58395 PROTO=UDP SPT=59701 DPT=33577 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=38 ID=58396 PROTO=UDP SPT=64069 DPT=33578 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=58397 PROTO=UDP SPT=58732 DPT=33579 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=58398 PROTO=UDP SPT=50368 DPT=33580 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=58399 PROTO=UDP SPT=51288 DPT=33581 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=58400 PROTO=UDP SPT=56873 DPT=33582 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=58401 PROTO=UDP SPT=57017 DPT=33583 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=58402 PROTO=UDP SPT=51482 DPT=33584 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=58403 PROTO=UDP SPT=56422 DPT=33585 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=58404 PROTO=UDP SPT=64686 DPT=33586 LEN=32
    LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=58405 PROTO=UDP SPT=53697 DPT=33587 LEN=32
     
  2. ElectronGuru macrumors 65816

    Joined:
    Sep 5, 2013
    Location:
    Oregon, USA
    #2
    First things that come to mind:

    1) you have a compromised device (zombie) that someone else is using
    2) you have a compromised wifi, that a neighbor is using to scan

    Do you have the means to scan your network for activity/intruders?
     
  3. rochow thread starter macrumors member

    Joined:
    Aug 20, 2013
    #3
    It's a website I visit (legit too, for those thinking otherwise haha) so it's not a random site or anything.

    I'm technical, I don't have much experience in this area though. Download Wireshark or something and see what outbound requests the computer is sending?

    Unlikely wifi, I changed my password just the other month (when I was trying to figure out what was using all my bandwidth. Bloody app store!)

    It may be nothing, seems weird that I'd visit a normal website in my normal browser, and they'd block me for 'port scanning'. They sent the logs with the ports the IP was apparently scanning, if those particular ones mean anything.
     

Share This Page