wtf shaw scanning ports?



schmooot
05-15-2005, 09:11 AM
So I open up my sygate personal firewall this morning and lo and behold shaw is scanning 3 or 4 of my ports, is this normal or should I be calling them up and yelling at them?

http://img.photobucket.com/albums/v288/schmooot/various%20posted/scan.jpg

AllGoNoShow
05-15-2005, 09:28 AM
Well it looks like it is coming from the bottom IP address on your list.

If you look into the ports, 135 and 139 are Windows loopholes, 445 is IIS server and I forget what the other 2 are, basically someone has compromised that IP or is using that IP to scan for open ports to inject/load stuff onto, you can try and call them but it isn't really worthwhile unless more than 2-3 people call them.

If your firewall blocked it, you're good to go and no need to worry about it.

eblend
05-15-2005, 09:54 AM
yes shaw will do port scans, they scan the computers to try to find if anyone is running ftp or http or any other servers using their personal home internet, as doing so is not allowed

GoChris
05-15-2005, 10:00 AM
thats not shaw, but a customer on shaw, imo

Seanith
05-15-2005, 11:31 AM
hax0r5?! :eek:

schmooot
05-15-2005, 11:39 AM
Search results for: 24.76.255.38


OrgName: Shaw Communications Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 - 3rd Ave. SW
City: Calgary
StateProv: AB
PostalCode: T2P-4L4
Country: CA

ReferralServer: rwhois://rs1so.cg.shawcable.net:4321

NetRange: 24.76.0.0 - 24.79.255.255
CIDR: 24.76.0.0/14
NetName: SHAW-COMM
NetHandle: NET-24-76-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS2SO.CG.SHAWCABLE.NET
NameServer: NS1SO.CG.SHAWCABLE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-12-15
Updated: 2003-06-20

OrgAbuseHandle: SHAWA-ARIN
OrgAbuseName: SHAW ABUSE
OrgAbusePhone: +1-403-750-7420
OrgAbuseEmail: [email protected]

OrgTechHandle: ZS178-ARIN
OrgTechName: Shaw High-Speed Internet
OrgTechPhone: +1-403-750-7428
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2005-05-14 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Genjuro
05-15-2005, 11:43 AM
Originally posted by GoChris
thats not shaw, but a customer on shaw, imo

that's true. someone is using a shaw ip to do scanning on other end-users. it's either Spoofing or this someone is using DDoS.
ex. hacker gets into a machine, then that machine is used for attacks on that segment.
you can call up shaw and tell them that this ip is trying to access your network, then they might monitor it.
if you're still scared.. then block that port.

schmooot
05-15-2005, 11:50 AM
so I guess since it was in my security log then my firewall blocked it right? Should I/can I manually disable any or all of those particular ports for any reason?

Genjuro
05-15-2005, 12:40 PM
first check what ports they are for, then check if you use the ports for any application. otherwise if your antivirus and security updates are all up-to-date, then you should be ok.
are you using a router?

schmooot
05-15-2005, 12:43 PM
naw no router.....yet. That'll be my next purchase. Yah everything is up to date so I think it'll be all right

Thanks guys

googe
05-16-2005, 09:31 PM
you must have just got a firewall and arent used to seeing this :)

there are about 4390850349 worms that scan for these ports and try to spread over them. thats some other shaw user infected with something that is trying to spread. expect to see several of these a day. keep your software up to date, and hiding behind a router is always a good idea.
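A way to triage the kind of log entries discussed in this thread, as an added example that is not part of any post. The log line format and the sample entries are constructed; the ports, the address 24.76.255.38 and the 24.76.0.0/14 block are the ones mentioned in the posts and the WHOIS output above.

```python
import ipaddress
from collections import defaultdict

# Windows service ports named in the thread, with their standard uses.
WATCHED_PORTS = {135: "MS RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB over TCP"}

# CIDR taken from the ARIN WHOIS output quoted in the thread.
ISP_BLOCK = ipaddress.ip_network("24.76.0.0/14")

# Constructed sample log (hypothetical format: time action proto source dest_port).
SAMPLE_LOG = """\
09:01:12 BLOCK TCP 24.76.255.38 135
09:01:12 BLOCK TCP 24.76.255.38 139
09:01:13 BLOCK TCP 24.76.255.38 445
09:04:40 BLOCK TCP 198.51.100.7 80
09:07:02 ALLOW TCP 24.77.10.20 445
not a log line
"""

def triage(log_text, min_ports=2):
    """Group inbound probes of the watched ports by source address."""
    seen = defaultdict(lambda: {"ports": set(), "allowed": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line, skip it
        _, action, _, src, port = fields
        try:
            addr = ipaddress.ip_address(src)
            port = int(port)
        except ValueError:
            continue  # unparsable address or port
        if port not in WATCHED_PORTS:
            continue
        seen[addr]["ports"].add(port)
        if action != "BLOCK":
            # A probe the firewall let through is the entry worth acting on.
            seen[addr]["allowed"].add(port)
    report = []
    for addr in sorted(seen, key=str):
        info = seen[addr]
        report.append({
            "source": str(addr),
            "ports": sorted(info["ports"]),
            "same_isp_block": addr in ISP_BLOCK,   # another customer of the same ISP
            "sweep": len(info["ports"]) >= min_ports,  # several watched ports probed
            "allowed": sorted(info["allowed"]),
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Blocked sweeps from the same ISP block are background noise of the kind described above; a non-empty `allowed` list means a watched port was reachable and should be closed or filtered.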

AllGoNoShow
05-16-2005, 09:38 PM
Originally posted by Genjuro


that's true. someone is using a shaw ip to do scanning on other end-users. it's either Spoofing or this someone is using DDoS.


Do you even know what spoofing or DDoS is?

Spoofing is using an "IP" from a machine which the IP is not allocated to, for example, 1.1.1.1 using 2.2.2.2, it tricks the network into believing it is 2.2.2.2 so it cannot be traced or is traced to the wrong person.

DDoS is Distributed Denial of Service attack, they use more than 1 machine to launch an attack normally ping or syn, against a machine, to disable its network and knock it to its knees so they cannot access the internet or disable services they provide.

Trust me, I used to do that kind of stuff.

This is neither of those. This is more likely a trojan scanning for vulnerabilities such as the Windows loopholes that were widely used for a while until Microsoft released the patch for it, but people still do not upgrade so they are vulnerable. It isn't a DDoS at this stage but could potentially be one in the end, although it could be a trojan just scanning to make a network, access information such as credit cards and saved passwords, or to prove a point.

When the windows vuln first came out, about 2 months later a group of white hats (Good "hackers") released a trojan that would "infect" vulnerable machines, patch them, send a warning to the user that they were vulnerable, and delete itself, then it would move on, basically helping the helpless.

schmooot
05-16-2005, 10:12 PM
wow so if I just keep my antivirus and firewall definitions up to date I should be alright eh. What about microshafts service packs? I don't think I have pack one or two, I tried to install them but it wouldn't let me with my copy of windows

AllGoNoShow
05-16-2005, 11:03 PM
There shouldn't be a problem installing SP2, why won't it let you?

Use Windows Update to install patches, then install Windows XP SP 2, then install the updates for that.

Genjuro
05-16-2005, 11:49 PM
Originally posted by AllGoNoShow


Do you even know what spoofing or DDoS is?

Spoofing is using an "IP" from a machine which the IP is not allocated to, for example, 1.1.1.1 using 2.2.2.2, it tricks the network into believing it is 2.2.2.2 so it cannot be traced or is traced to the wrong person.

DDoS is Distributed Denial of Service attack, they use more than 1 machine to launch an attack normally ping or syn, against a machine, to disable its network and knock it to its knees so they cannot access the internet or disable services they provide.

Trust me, I used to do that kind of stuff.

This is neither of those. This is more likely a trojan scanning for vulnerabilities such as the Windows loopholes that were widely used for a while until Microsoft released the patch for it, but people still do not upgrade so they are vulnerable. It isn't a DDoS at this stage but could potentially be one in the end, although it could be a trojan just scanning to make a network, access information such as credit cards and saved passwords, or to prove a point.

When the windows vuln first came out, about 2 months later a group of white hats (Good "hackers") released a trojan that would "infect" vulnerable machines, patch them, send a warning to the user that they were vulnerable, and delete itself, then it would move on, basically helping the helpless.

yes as a matter of fucking fact i do know what this is buddy. why would i say it if i didnt know what i was talking about?
and what i said is exactly what could be happening with him. did you not read what i wrote?
it is nearly impossible for someone with knowledge on port scanners to not know when to patch or update his shit.

i asked if he had a router installed because it would help.
its most likely what is going on here. trojans are hard to place on a pc thats secured properly. scanning on that segment is quite possible..either its a stupid customer from shaw or a dumbass got himself a trojan and the server (remote haxor) is scanning Other pcs on the segment.

lol i do this shit for a living, dont try to teach me.

Genjuro
05-16-2005, 11:58 PM
wait wait... you know about port scanning and updating antivirus... but not service packs?

:confused:

AllGoNoShow
05-17-2005, 12:00 AM
Well if you do this for a living you better re-learn what DDoS and Spoofing is...

I'm not arguing the fact about routers or such but some people just go with what they know and skip the rest, and he doesn't even have SP2 which could save him a lot of hassle so I thought we better get this info straight, not attacking you or anything.

googe
05-17-2005, 12:56 AM
ok kids, put the e-cocks away :tongue:

its just another infected machine trying to spread, carry on...

tapout
05-17-2005, 01:46 AM
Originally posted by googe
ok kids, put the e-cocks away :tongue:

its just another infected machine trying to spread, carry on... lol:D

schmooot
05-18-2005, 11:18 AM
Originally posted by schmooot
wow so if I just keep my antivirus and firewall definitions up to date I should be alright eh. What about microshafts service packs? I don't think I have pack one or two, I tried to install them but it wouldn't let me with my copy of windows

I have the cds for sp2 but when I go to install it it says my copy of windows isn't valid and can't continue. So I just left it

AllGoNoShow
05-18-2005, 11:30 AM
Yah I got those CDs too, piles of shit :)

let me find you the link

AllGoNoShow
05-18-2005, 11:30 AM
http://www.microsoft.com/downloads/details.aspx?FamilyID=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

don't worry about the name of it, works perfectly fine, I use it on my laptop and will be using it from now on as I burned it for reference.

schmooot
05-18-2005, 11:35 AM
I'll try that thanks

rip
05-18-2005, 11:38 AM
mmmmmmmmmmmmm............glyvin

AcuraTl
05-18-2005, 04:05 PM
Originally posted by rip
mmmmmmmmmmmmm............glyvin


hahahahahah :D mmmmmmmmmmmmmm.....GLYVIN HoooovvinN!!



Originally posted by AllGoNoShow
http://www.microsoft.com/downloads/details.aspx?FamilyID=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

don't worry about the name of it, works perfectly fine, I use it on my laptop and will be using it from now on as I burned it for reference.

please give a fellow beyonder access to 0day Warez sites plz ;)

AllGoNoShow
05-18-2005, 04:53 PM
Originally posted by AcuraTl



hahahahahah :D mmmmmmmmmmmmmm.....GLYVIN HoooovvinN!!




please give a fellow beyonder access to 0day Warez sites plz ;)

....... so you are as much of a useless dick as everyone says.....

AcuraTl
05-18-2005, 04:59 PM
Originally posted by AllGoNoShow


....... so you are as much of a useless dick as everyone says.....

lol why the hate? i did wink at you didn't i??

AllGoNoShow
05-18-2005, 05:09 PM
Ok so your a queer too?

AcuraTl
05-18-2005, 05:58 PM
Originally posted by AllGoNoShow
Ok so your a queer too?

lol...

schmooot
05-19-2005, 07:45 AM
right....so back on topic. Same as before it won't install service pack to cuz it says my serial number for windows is invalid. So either I get a hold of a prog that can reset it to one that I know is valid or I do a format and reinstall everything (maybe clean a little crap up while I'm at it)

w3apon
05-19-2005, 08:00 AM
Originally posted by Genjuro
lol i do this shit for a living, dont try to teach me.

I feel sorry for where you work doing this.

AcuraTl
05-19-2005, 09:20 AM
Originally posted by schmooot
right....so back on topic. Same as before it won't install service pack to cuz it says my serial number for windows is invalid. So either I get a hold of a prog that can reset it to one that I know is valid or I do a format and reinstall everything (maybe clean a little crap up while I'm at it)

heh its highly illegal to use a pirated copy...BUT since ur a beyonder...


http://forum.iamnotageek.com/t-65333.html

get this tool or whatever...then get ahold of a winxp cdkey generator scroll around for about 10 mins then grab a cdkey...try again it shud work

AllGoNoShow
05-19-2005, 10:18 AM
Whatever man, I'm using an illegal copy on both my machines and I'm having no issues :), of course you have to choose the method of downloading and such where it takes you there directly, not confirming your Windows XP, otherwise yes it won't let you.

and for the admins no I'm not supporting Piracy I just can't afford a $400 Operating system that is so vulnerable at the moment.

Also, if you try to get SP1 because SP2 won't work, you will be worse off than you are now so just try for SP2 to get it to install properly.

schmooot
05-19-2005, 01:53 PM
Originally posted by AcuraTl


heh its highly illegal to use a pirated copy...BUT since ur a beyonder...


http://forum.iamnotageek.com/t-65333.html

get this tool or whatever...then get ahold of a winxp cdkey generator scroll around for about 10 mins then grab a cdkey...try again it shud work

thanks I already have a list of cd-keys its that tool that I need that allows me to change it.

schmooot
05-19-2005, 01:55 PM
Originally posted by AllGoNoShow
Whatever man, I'm using an illegal copy on both my machines and I'm having no issues :), of course you have to choose the method of downloading and such where it takes you there directly, not confirming your Windows XP, otherwise yes it won't let you.

and for the admins no I'm not supporting Piracy I just can't afford a $400 Operating system that is so vulnerable at the moment.

Also, if you try to get SP1 because SP2 won't work, you will be worse off than you are now so just try for SP2 to get it to install properly.

no no I downloaded the complete file, then it extracts it and starts the process, then it says "checking system configuration" or something for about 20 minutes, then it tells me I don't have a valid cd key. Does the same thing with the cd's.

I'll use that program and change the code

AcuraTl
05-19-2005, 03:58 PM
Originally posted by schmooot


no no I downloaded the complete file, then it extracts it and starts the process, then it says "checking system configuration" or something for about 20 minutes, then it tells me I don't have a valid cd key. Does the same thing with the cd's.

I'll use that program and change the code

cool shoot a msg towards me if ya need anyfin elz

AllGoNoShow
05-19-2005, 04:03 PM
Odd I wonder if they changed it over, although my keys are a little more classified than publicly available so maybe that's it.

AcuraTl
05-19-2005, 08:15 PM
Originally posted by AllGoNoShow
Odd I wonder if they changed it over, although my keys are a little more classified than publicly available so maybe that's it.

i dunno all i know is that they blacklisted an ass load of keys

AllGoNoShow
05-19-2005, 08:19 PM
Yes they did.

I don't endorse giving out illegal keys so yah *cough*

Anyways, any luck yet?

schmooot
05-19-2005, 08:26 PM
tryin right now, I'll let you know

schmooot
05-19-2005, 08:48 PM
kay changed the key to one off my list, now to try sp2 again

tt398
05-23-2005, 09:50 AM
Suggest you get a hardware firewall that uses NAT and port blocking. You can get one for $100 or less in CowTown.

I wanted more security so I picked up an OLD pentium pc and an extra NIC ($125) and installed SmoothWall on it. This allows rules based IP filtering, intrusion detection system, syslog, web proxy and other enhanced security features found in expensive corporate firewalls. Smoothwall is a free download at:

http://www.smoothwall.org

schmooot
05-23-2005, 12:56 PM
Originally posted by tt398
Suggest you get a hardware firewall that uses NAT and port blocking. You can get one for $100 or less in CowTown.



Will this also allow me to branch my cable connection to another computer in the house?

AllGoNoShow
05-23-2005, 01:17 PM
Yes, it also allows you to restrict what ports if any are open on which machines, if you choose to open none, it blocks them all, provides a firewall a bit more reliable than software firewalls, also harder for "hackers" to shut down yet still maintain access to the computer as if they shut down the firewall then it cuts access off to the computer.

tt398
05-23-2005, 03:25 PM
Originally posted by schmooot


Will this also allow me to branch my cable connection to another computer in the house?

Yes. NAT translates the public address given to you by your ISP into a whole class C subnet. In short you get lots of addresses to play with. The firewall allows you to SELECTIVELY open tcp and/or udp port access from outside sources.

In short, don't broadband connect to the internet without one.

Look at http://www.smoothwall.org forums and search for network diagrams - this will show you how to setup the physical cable layout of the firewall and an ethernet switch.

AllGoNoShow
05-23-2005, 03:29 PM
Smoothwall might be a bit much for some people. If you don't want to setup the OS and such on a spare computer and do it that way, look into Linksys routers (Now owned by Cisco or Linksys bought Cisco, same shit diff pile) Stay away from D-Link and SMC, they tend not to work well half the time.

Another one similar to Smoothwall is m0n0wall and of course you could learn iptables and DHCP servers and such yourself and build your own Linux/Unix based configs and do it that way.

tt398
05-23-2005, 03:39 PM
Originally posted by AllGoNoShow
Smoothwall might be a bit much for some people. If you don't want to setup the OS and such on a spare computer and do it that way, look into Linksys routers (Now owned by Cisco or Linksys bought Cisco, same shit diff pile) Stay away from D-Link and SMC, they tend not to work well half the time.

Another one similar to Smoothwall is m0n0wall and of course you could learn iptables and DHCP servers and such yourself and build your own Linux/Unix based configs and do it that way.

I guess I am a reprehensible Linux GEEK....:angel: :devil: :angel:

AllGoNoShow
05-23-2005, 04:20 PM
There's a few of us ;)

schmooot
05-24-2005, 07:53 AM
haha ya you lost me in the technical lingo for a second but allgo cleared it up. I think I'll look into a small linksys one, all i need is one other computer in the house connected and a hardware firewall. That should do just fine for my purposes. thanks guys