# Port scans



## am1too (Dec 30, 2009)

What are they? And what causes them? Is it an attack on my puter or something my puter does? If my puter does, I'd like to understand why.

I am considering a seperate hardware firewall as well as my soft ware fire wall.

Does any one have problems resulting from google and ads by or through google? If so how could on recognize them?


----------



## Nevada (Sep 9, 2004)

am1too said:


> What are they? And what causes them? Is it an attack on my puter or something my puter does? If my puter does, I'd like to understand why.
> 
> I am considering a seperate hardware firewall as well as my soft ware fire wall.
> 
> Does any one have problems resulting from google and ads by or through google? If so how could on recognize them?


Port scanning looks for available networking ports that may be open due to an application that has a vulnerability. As far as a port blocking firewall is concerned, a software firewall should be satisfactory for a workstation.

Your best protection against intrusion is to apply your operating system and application updates. Malware is controlled pretty well with virus/malware blockers, such as Avast Free.

Perhaps you could describe the reason you are concerned.


----------



## Kari (Mar 24, 2008)

I tend to disagree on the software firewall only solution.

Simple example. You have a port open on your pc for software program xxxx. This program is not up to date and has a vulnerability in it and as a result, it is compromised. 

A few simple lines of code slipped in can stop and disable just any software firewall that either does not have an unathorized change prevention type switch and the current logged in user has admin rights...which is about 95% of the typical home user. 

An over simple simplification of this; to stop the built-in Windows firewall (and many others) is a simple net stop or an sc query to both stop and disable the firewall service. Needless to say there are many more effective, higher level coding methods that can stop and disable services just as easily.


I always go by the mantra that computers are far better to be first protected at the network perimeter.

For the typical home user, this means routers with up to date firmware with a built-in and properly configured firewall as the software firewalls and AV products on the pc are much more vulnerable to attack if there is no outer perimeter to first block and discourage Charlie from slipping through the wire. Once he is inside it is almost typically too late. And yes I see this on a regular basis....


----------



## Gary in ohio (May 11, 2002)

Your best defense is to block all ports at the router and then only open up those that you need. Problem is, few home routers will allow you do this, just not enough space to white list all you want. they are ok to black list a few ports but that doesnt work well.

For most people a software solution is the best, easy click to allow interface like microsoft uses work well. You dont care about port numbers, just alllow software widget X to work.


In my consulting days I did some network security work and you would have companies say they want to protect their network. SO I would ask them what they want to get through and block everything else. A few hours later the manager would come rushing into my office yelling at all the things that are broken and they dont have time to fine the ports, so I open then back up.....


----------



## Nevada (Sep 9, 2004)

Gary in ohio said:


> For most people a software solution is the best, easy click to allow interface like microsoft uses work well. You dont care about port numbers, just alllow software widget X to work.


I agree. Firewalls with application-based administration keep non-technical people out of trouble a lot better than having them try to administrate a firewall with port numbers. When they goof, they create support problems for themselves. Even with application-based administration it's not unusual for non-technical users to have to pay a computer tech to configure the firewall to make an application work again.

I don't have a lot of confidence in port-blocking firewalls anyway. They're just too easy to defeat. The comfort level that some people have with workstation firewalls disturbs me. Those people aren't getting as much protection as they think they have.

Eventually someone will develop a good behavior-based workstation firewall, similar to firewalls used to protect servers. My opinion of workstation firewalls will greatly improve when that happens. In the meantime, I only use Windows Firewall to keep Windows from bugging me. I keep track of my open ports myself.


----------



## am1too (Dec 30, 2009)

This new puter has bout as many holes in the side as a pin cusion. 3 of them are the kind that a printer cable or flash drive connect with, a phone type port, some kind of very thin long port and another one for 15 pins I've never seen.

I seem to get these scans when searching photobucket. I have no idea what an open port is. I think of it as one of these connection thinkgs that aren't being used. But why would my puter or and intruder be looking for something that isn't connected?

This comes up on my firewall/virus protection program. I have a defender pro product currently. Seems to do more than my previous over price version. Some one mentioned a free version, so cost may not have much to do with it. There is so much out there I'm confused and I think it is only getting worse.


----------



## am1too (Dec 30, 2009)

Gary in ohio said:


> Your best defense is to block all ports at the router and then only open up those that you need. Problem is, few home routers will allow you do this, just not enough space to white list all you want. they are ok to black list a few ports but that doesnt work well.
> 
> For most people a software solution is the best, easy click to allow interface like microsoft uses work well. You dont care about port numbers, just alllow software widget X to work.
> 
> ...


What is whte list and black list? You guys are pretty good, I think.


----------



## Nevada (Sep 9, 2004)

am1too said:


> I seem to get these scans when searching photobucket. I have no idea what an open port is. I think of it as one of these connection thinkgs that aren't being used. But why would my puter or and intruder be looking for something that isn't connected?


Sounds like an ad, or possibly even a malware infection. I don't think anyone is really scanning you. More likely they are trying to sell you something.


----------



## am1too (Dec 30, 2009)

Nevada said:


> Sounds like an ad, or possibly even a malware infection. I don't think anyone is really scanning you. More likely they are trying to sell you something.


My firewall blocks it what ever it is. Thanks.


----------



## idigbeets (Sep 3, 2011)

you'd be surprised how many open ports your computer uses to connect to the internet... just check out the command line and type in netstat-a while connected to the net...

If you regularly update your pc (windows), run malware/spyware, up to date anti virus, and a firewall running you are reasonably secure.


----------



## Kung (Jan 19, 2004)

I gotta go with Kari on this one. Yes, a decent software solution is very nice, but software can ALWAYS be configured. If the primary concern is "CIA" (confidentiality, integrity, availiability) from an IS point of view, the best way to ensure that is with a hardware firewall (e.g., router) that can't be disabled with some properly configured code.

This being said, is that too much for most home users? Yes, it is. But is it that hard to do? For someone who wants to learn, no, not at all. There are TONS of how-to's on the internet about how to do so - as well as tons of info on which routers support port configurations.


----------



## Nevada (Sep 9, 2004)

idigbeets said:


> you'd be surprised how many open ports your computer uses to connect to the internet... just check out the command line and type in netstat-a while connected to the net...


That statement illustrates my point very well. Most workstation users have no clue which ports are open, or even which ports they use. Moreover, even if they ran "netstat -a" most workstation users wouldn't know what it means anyway (by the way, note that a space is required between netstat and -a). Also be aware that even though a port might be active in your network configuration, it could still be blocked by a firewall.

But just so you know, I wouldn't be surprised at all about which ports are open in my workstation. I know exactly which ports are open because I keep track of it. This is something that most server operators obsess over (those who don't obsess now will start obsessing after they get rooted their first time).


----------



## idigbeets (Sep 3, 2011)

Yea i typoed that command oops 

A good hardware firewall, software firewall, malware/spyware tools, and a reliable anti virus should keep 90% of the nasties off a pc. I think in the 25+ years I've been online I've picked up a virus or some nasty 2-3 times. 

Obsessing over port scans isn't something that average pc user needs to worry about if the above conditions are met.


----------



## am1too (Dec 30, 2009)

idigbeets said:


> you'd be surprised how many open ports your computer uses to connect to the internet... just check out the command line and type in netstat-a while connected to the net...
> 
> If you regularly update your pc (windows), run malware/spyware, up to date anti virus, and a firewall running you are reasonably secure.


OK what is a command line?


----------



## am1too (Dec 30, 2009)

idigbeets said:


> Yea i typoed that command oops
> 
> A good hardware firewall, software firewall, malware/spyware tools, and a reliable anti virus should keep 90% of the nasties off a pc. I think in the 25+ years I've been online I've picked up a virus or some nasty 2-3 times.
> 
> Obsessing over port scans isn't something that average pc user needs to worry about if the above conditions are met.


OK I assume that a hardware firewall is seperate from the puter itself or at least between the connection and the puter. I think of the software/ malware/spyware as all software ie programs actually on my hard drive.


----------



## Kung (Jan 19, 2004)

am1too said:


> OK what is a command line?


Hold down the CTRL key, and hit the "R" button.

Then, in the box that pops up, type *cmd*.

The black box that pops up after that, when you hit Enter, is the command console, where you can type commands, if need be. This is where you'd type nbtstat -a.


----------



## Kung (Jan 19, 2004)

am1too said:


> OK I assume that a hardware firewall is seperate from the puter itself or at least between the connection and the puter. I think of the software/ malware/spyware as all software ie programs actually on my hard drive.


Correct - a router is a 'hardware' firewall, in that it's not a software program loaded on your computer.


----------

