
Mirc [Sygate reports port scan attack while logging on]

Discussion in 'Malware and Virus Removal Archive' started by bombagirl, 2006/12/12.

  1. 2006/12/12
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    Hi whilst logging into MIRC sygate firewall is telling me this:

    port scan attack

    Somebody is scanning your computer.
    Your computer's TCP ports:
    28882, 10000, 58, and 6000 have been scanned from 207.182.243.125..

    what is this please?

    thanks
    Claudine:eek:
     
  2. 2006/12/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Claudine

    Please observe Posting Rules #3 - Meaningful Subject - I have adjusted your title.
     


  4. 2006/12/12
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Claudine,

    looking up the IP address here: http://www.arin.net/whois/

    Comes up with Velocity Networks as the owner of IP address.

    This is a scan of systems across a network by someone that uses Velocity Networks, looking for open ports. May or may not be malicious. ISPs and network admins scan networks as a security measure. Hackers use scans to find vulnerable systems with open ports.

    In either case, Sygate is doing its job by blocking the reported ports.

    Regards - Charles
     
  5. 2006/12/12
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    I don't get it....what did I do wrong???? can someone help me with this at least please?

    Charles what can I do to check whether this is malicious or not? can I block it somehow?
     
  6. 2006/12/12
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Claudine,

    Sygate is blocking it. You can't stop the scans themselves, only block them. I wouldn't worry about it.

    If it is malicious, then most likely it's an infected system with a trojan that's looking for others to infect. Can't really tell unless there are a lot of these scans and with a pattern of about the same time(s) during the day. That's an indication of someone turning on their system around the same time daily.

    Pete was reacting to your thread title - we encourage meaningful titles so that others searching with this or similar problem will come upon your thread. I was going to change your title but Pete beat me to it.

    Regards - Charles
     
  7. 2006/12/12
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    still didn't get it....sorry...there was no indication that sygate blocked it....port scan attack is logged....that doesn't show it is being blocked no?

    someone told me that people can get your ip ad....what is it? they stole money from his internet banking...he thinks people from mirc chatting...what is this please? how can this happen? does this mean I must stop using mirc?
     
  8. 2006/12/12
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    It is being blocked - the firewall is logging the scan for your information; as a former user of Sygate I can attest to that. And every firewall does the same thing.

    Your IP address is public knowledge - look in Sygate's logs for yours under destination I think.

    What got stolen is the password(s) to access the account(s). Not the user's IP address which doesn't get you anywhere unless the system is unprotected. The means to steal the password is done either thru a fraudulent email pointing to a bad website or a trojan got onto the system. In either case, it came thru the Browser, not the firewall.

    Regards - Charles
     
  9. 2006/12/12
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    No I don't mean through the firewall but through MIRC....the chatting program
     
  10. 2006/12/12
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    I don't know anything about MIRC, so can't pass judgement about its safety. A quick search on it doesn't come up with any major alarms. There are, as in any software, holes and bugs. There are specific downsides the way scripting is used in an earlier version - see http://en.wikipedia.org/wiki/MIRC
    In the meantime, list the security software you're using and we'll see if there is anything to add or substitute to make your system more secure.

    Regards - Charles
     
  11. 2006/12/13
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    I'm using sygate personal firewall, ewido anti spyware, spybot and f-prot antivirus
     
  12. 2006/12/13
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Claudine,

    Good security programs and I would not substitute anything else.

    There are additional measures you can take. Read TeMerc's recommendations on security in post #2 here:
    http://www.windowsbbs.com/showthread.php?t=60154

    SpywareBlaster and IESPY ADS use very little resources and provide an extra layer of protection.

    Regards - Charles
     
  13. 2006/12/13
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    ok thanks a lot Charles :p
     
  14. 2006/12/13
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    what is the "IESPY ads" tried to look for that program but didn't find any
     
  15. 2006/12/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
  16. 2006/12/13
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Claudine,

    For future reference, in that thread's post #2 for which I gave you the url for - TeMerc's reference to IESPY ADS is highlighted in blue which means clicking on it takes you to the same place that Pete's url does.

    Regards - Charles
     
  17. 2006/12/14
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    Port scan attack

    Sygate is telling me:


    Somebody is scanning your computer.
    Your computer's TCP ports:
    10777, 1031, 30022, and 1182 have been scanned from 193.109.122.25..

    what does this mean?
     
  18. 2006/12/14
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Claudine,

    Same thing as in your first post. Your ports are being scanned with the same results - Sygate blocking and logging it.

    Go into Sygate's help and look up Port scan. Sygate will tell you it's blocking it and something about what it means. Also look up Port Scan in Google which will give you links to firewall tests. Perhaps that will put your mind at ease :)

    Regards - Charles
     
  19. 2006/12/14
    bombagirl

    bombagirl Inactive Thread Starter

    Joined:
    2006/08/20
    Messages:
    155
    Likes Received:
    0
    didn't find anything in the search
     
  20. 2006/12/14
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, bombagirl.

    I used to chat a lot (years ago) with mIRC.

    Internet Relay Chat (IRC) network servers typically scan connecting "client" computers (such as your computer) for security and/or IRC network stability vulnerabilities. If the IRC server detects open ports that are known to be used for malicious purposes or are susceptible to abuse (due to software on the client computer that may be "listening" for connections on those ports), the IRC server will immediately refuse/terminate the connection.

    IRC servers typically will also periodically scan the client computer while the client is connected (in case a problem port opens some time after the connection).

    If you use mIRC and you can connect to IRC servers and chat, then I am inclined to say you can ignore those alerts. Your firewall is probably doing its job properly. :)

    What particular IRC network (Undernet, Dalnet, etc.) are you connecting to? I downloaded the latest version of mIRC and I will install/use it to investigate your issue further if you would like me to. If so, then I will need to know what particular IRC network you are connecting to for your chats.


    EDIT: By the way, I have found (in the past) some anti-malware applications flagged mIRC as a security risk apparently because some malware uses mIRC (if mIRC is installed) to do its dirty deeds. If you regularly use several anti-malware applications and you are reasonably confident your computer is free of malware, then I expect you can ignore anti-malware application alerts regarding mIRC.

    EDIT #2: I expect mIRC and IRC networks still have a feature that allows you to set your client as "invisible" when connected to the IRC network. Then people/IRC clients that may be "stalking" you cannot check (not easily anyway) to see if you're connected to the network or get alerts when you connect. The only clients that would know you are on the IRC network are the clients that happen to be in the same "channels" (a.k.a. chat rooms) you are joined to. IRC hackers/geeks might know of ways around that but "invisible mode" is probably still a good measure to enhance your privacy when on the IRC network. I don't recall with certainty what the exact syntax is for setting yourself to invisible mode (an mIRC command something like /mode $me +i on Undernet, if I recall correctly) but I expect I can figure it out pretty quickly after I install mIRC and connect to an IRC server for the IRC network you use.
     
    Last edited: 2006/12/14
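
Added example, not part of any post in this thread: a Python check that combines the two heuristics described above, mailman's point that IRC servers scan clients at logon and charlesvar's point that scans recurring at about the same time each day suggest a pattern. The alert wording is quoted from the thread; the timestamps, the "time | text" log layout, the IRC logon times and the 192.0.2.77 entries are constructed assumptions, not Sygate's actual log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data. The alert wording is quoted from the thread; the
# timestamps, the "time | text" layout and the 192.0.2.77 entries are assumptions.
ALERTS = """\
2006-12-12 20:01:07 | Your computer's TCP ports: 28882, 10000, 58, and 6000 have been scanned from 207.182.243.125..
2006-12-14 20:03:41 | Your computer's TCP ports: 10777, 1031, 30022, and 1182 have been scanned from 193.109.122.25..
2006-12-14 03:15:00 | Your computer's TCP ports: 135, 139, and 445 have been scanned from 192.0.2.77..
2006-12-15 03:20:00 | Your computer's TCP ports: 135, 139, and 445 have been scanned from 192.0.2.77..
"""
IRC_CONNECTS = [datetime(2006, 12, 12, 20, 1, 0), datetime(2006, 12, 14, 20, 3, 30)]
ALERT_RE = re.compile(r"^(\S+ \S+) \| Your computer's TCP ports:\s*(.+?) have been "
                      r"scanned from (\d{1,3}(?:\.\d{1,3}){3})")

def parse_alerts(text):
    """Return (timestamp, source_ip, [ports]) for every line that matches."""
    out = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append((when, m.group(3), [int(p) for p in re.findall(r"\d+", m.group(2))]))
    return out

def classify(alerts, connects, window=timedelta(seconds=60)):
    """Label a scan 'irc-connect' if it starts within `window` after an IRC logon."""
    return {(when, src): "irc-connect"
            if any(timedelta(0) <= when - c <= window for c in connects) else "unsolicited"
            for when, src, _ in alerts}

def circular_spread(minutes):
    """Width in minutes of the smallest arc of the 24h clock covering all times."""
    m = sorted(minutes)
    gaps = [b - a for a, b in zip(m, m[1:])] + [m[0] + 1440 - m[-1]]
    return 1440 - max(gaps)

def recurring_sources(alerts, labels, tolerance=30, min_days=2):
    """Sources whose unsolicited scans recur on several days at about the same time."""
    by_src = defaultdict(list)
    for when, src, _ in alerts:
        if labels[(when, src)] == "unsolicited":
            by_src[src].append(when)
    return sorted(src for src, times in by_src.items()
                  if len({t.date() for t in times}) >= min_days
                  and circular_spread([t.hour * 60 + t.minute for t in times]) <= tolerance)

print(recurring_sources(parse_alerts(ALERTS), classify(parse_alerts(ALERTS), IRC_CONNECTS)))
```

The two scans quoted in the thread are labelled as logon-time scans under these assumed timestamps; only the constructed 192.0.2.77 entries are reported as a recurring daily pattern.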
  21. 2006/12/14
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Claudine,

    Start testing your system.

    Go to this testing site, PC Flank http://www.pcflank.com/index.htm and use Test Your System on the left in the main page. That will tell you if you have any open ports.

    You can test your Browser as well which is the most vulnerable part of the system.



    Hi mailman,

    Glad to have you here and familiar with mIRC - your offer is very generous :)

    Regards - Charles
     
