dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1246
share rss forum feed

sentra99

join:2003-12-27
Troy, IL

Port Scanning

I received a email from charter saying someone was running a port scanner on my network. That is against there tos and I needed to update my antivirus and so on.
I am running ubuntu and not sure how to make sure its not running a port scanner. Called charter security team they weren't very helpful. They are threatening termination of service if its not fixed. Yet they cant tell me how to fix it. Can someone help me figure out what is going on.

aguen
Premium
join:2003-07-16
Grants Pass, OR
kudos:2
Did they tell you what port/dest. IP address was being scanned for?

Are you running any services on your Ubuntu server, like SSH, FTP, etc.?

Your machine may have been rooted, so you should at least look for any unknown user id's and or processes that are running that shouldn't be.

If you need more specific help, then you should post in the Linux forum here at DSLR, or on the Ubuntu forums.


crazyk4952
Premium
join:2002-02-04
united state
kudos:1
Reviews:
·CircleNet
·CenturyLink
·Vitelity VOIP
·Charter

1 edit
reply to sentra99
said by sentra99:

I received a email from charter saying someone was running a port scanner on my network. That is against there tos and I needed to update my antivirus and so on.
I am running ubuntu and not sure how to make sure its not running a port scanner. Called charter security team they weren't very helpful. They are threatening termination of service if its not fixed. Yet they cant tell me how to fix it. Can someone help me figure out what is going on.

I find it unlikely that your Ubuntu machine has been hacked to run a port scanner. If you have any windows machines on your network, make sure those all are running with current virus definitions.

Also, if you have a wifi network, it is worth considering that someone may have hacked into it. Be sure you are using WPA2 encryption and turn off WPS (if you can). I suggest you change your wifi password to a strong password. You may wish to use a pseudorandom password generator (such as »www.grc.com/passwords.htm).

sentra99

join:2003-12-27
Troy, IL
My network is password protected and there is no windows machines on the network. The only thing else on my network are two raspberry pi machines. I havent installed anything on them. That would have anything to do with port scanning. I have changed all my passwords just in case.

My router is running dd wrt so its not stock not sure if that would cause anything. So I have set the dd wrt software on the router back to default

The annoying thing is charter cant/wont give me any more information. They wont tell me what port its scanning for. So if it happens again I hope they dont terminate my account. Because I have done everything they have said. Hard to troubleshoot with no information.


crazyk4952
Premium
join:2002-02-04
united state
kudos:1
Reviews:
·CircleNet
·CenturyLink
·Vitelity VOIP
·Charter
said by sentra99:

The annoying thing is charter cant/wont give me any more information. They wont tell me what port its scanning for.

Port scanners look for open ports on various IP addresses. They don't just look for one port. Typically, they look for well known ports (»en.wikipedia.org/wiki/List_of_TC···wn_ports). They can also just scan the entire range of ports (1-65,535). Once open ports are found, they can be used to exploit security vulnerabilities on those computers/servers.

You might want to install and run ClamAV on your Ubuntu machine. »help.ubuntu.com/community/ClamAV


CoolMan

join:2008-01-07
Tennessee
kudos:2
Reviews:
·Charter
·Suddenlink
reply to sentra99
said by sentra99:

My router is running dd wrt so its not stock not sure if that would cause anything. So I have set the dd wrt software on the router back to default

Do you have Universal Plug and Play (UPnP) enabled in your router? ... if so it might be a good idea to disable it.


cork1958
Cork
Premium
join:2000-02-26
reply to aguen
said by aguen:

Did they tell you what port/dest. IP address was being scanned for?

Are you running any services on your Ubuntu server, like SSH, FTP, etc.?

Your machine may have been rooted, so you should at least look for any unknown user id's and or processes that are running that shouldn't be.

If you need more specific help, then you should post in the Linux forum here at DSLR, or on the Ubuntu forums.

I don't see where OP said anything about running any server, but if they are, yes, that is against Charters TOS.

I'm just going to guess that Charter doesn't know what they're talking about, it IS possible, and if they DO cut your service, I would fight them to at least find out what for EXACTLY. You have every right to know, especially if you have co-operated with them as fully as possible.

That ClamAV that crazyk4952 mentioned totally sucks, but it's better than nothing and about the only AV for Linux, that doesn't go beyond the point of ridiculousness for an everyday user!

Disabling UPnP is advisable!
--
The Firefox alternative.
»www.mozilla.org/projects/seamonkey/


mmainprize

join:2001-12-06
Houghton Lake, MI
Reviews:
·Charter
reply to sentra99
Well you should download and install some network sniffing software for Ubuntu, i don't know about Ubuntu so i can't tell what to use. once installed then you can see what is going on.
It is possible you have some virus or bot installed and it is looking for other computer to infect, but you need to see what process is doing it and scanning the network to be able to fix it.


crazyk4952
Premium
join:2002-02-04
united state
kudos:1
Reviews:
·CircleNet
·CenturyLink
·Vitelity VOIP
·Charter
reply to cork1958
said by cork1958:

That ClamAV that crazyk4952 mentioned totally sucks, but it's better than nothing and about the only AV for Linux, that doesn't go beyond the point of ridiculousness for an everyday user!

I have used it a few times, but have never had a virus on any of my linux machines, so I can't speak to how well it works.

There are a few other programs that are mentioned in this article that may be worth a look:
»www.makeuseof.com/tag/free-linux···rograms/