Interesting just WHAT makes a good posting. If one can judge a good posting by the length of the thread, then Sadam Hussain is a far, far better hamradio subject than "3CX1500 HF 6m PA" and "C&G Exam Results". In fact I cannot find a posting with more replies than those pertaining to Sod'im.
I once posted a message on the most efficient method of cooking a sausage. Basically, you stick a fork in either end, fasten two wire, then plug it in the mains. THAT posting got a LOT of replies. It even beat Sod'im.
The issue was not about the scanning of the ports, but the in-excess-of 3000 attempts to log onto a single port that had been already found, presumably by scanning.
Why didn't you say this before? Your original complaint was about port scans. What exactly do you now mean by 'log into a port', just so that we know what you are talking about, for once?
This is the first time you mention 3000 attempts. And attempting to connect to 'a single port that had been already found' is not what most of us mean by the term 'port scanning' (your original words for what was going on). Someone repeatedly trying to connect to the same port on the same machine isn't doing a 'port scan'. Get your terminology straight.
Why do have this port open if you don't want people connecting to it?? Probably NetBIOS port, it is a common target for 'script kiddies' to see how many novice computer users haven't secured their systems. When they find a machine with the port open, they run 'hacker tools' to try and gain access to any shares (including the 'hidden' share of 'C$'). It would be wise to close the port. Then any attempt to connect is refused or ignored completely. Are you using some firewall software to monitor these attempts? At least go to
formatting link
and learn how to close your ports and protect yourself.
If you leave the 'front door' open, it is true that the robber is still breaking the law. But you're pretty foolish if you leave the 'front door' open. And knowing that a robber keeps trying your 'front door' means you ought to lock it. Not start silly flame wars on usenet about whether you used the right term, or what chapter/verse of law is being broken.
The 'attacker' probably doesn't even read these news groups. There are people out there in the cyber-world that know all the broad-band ISP address ranges and scan them all every few days, looking for new customers with machines that are open. When they find a networking novice with an open port, they log it for a later, concentrated attack (like your 3000 attempts).
Learn something about IP and what ports you have open and how to close them. Stealth mode is best.
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.