Pages: [1]

Author Topic: Port scan upon tile download  (Read 5949 times)

Larry

  • Sr. Member
  • ****
  • Posts: 157
    • View Profile
Port scan upon tile download
« on: June 11, 2007, 07:43:36 AM »
At first I thought the port scans that Norton Internet Security 2007 has detecting since installation were all random, but on a closer look not so.

As soon as TF begins to download new tiles a portscan is triggered. NIS reports as follows:

 Details: Attempted Intrusion "Portscan" against your machine was detected and blocked.
Intruder: 64.105.163.108(domain(53)).
Risk Level: Medium.
Protocol: UDP.
Attacked IP: LARRY_R.
Attacked Port: 49985.
 
The attacked port numbers vary.

There has been no problem with downloading tiles, but I'm curious about what's going on. So far I have not been able to figure out who the 'intruder' is. Maybe it's just the Terraserver checking to see what ports it can use.

Does anyone have more info on this?

Larry
Logged

Krein

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 1203
  • TopoFusion Author
    • View Profile
    • http://www.topofusion.com/diary
Port scan upon tile download
« Reply #1 on: June 11, 2007, 09:16:43 AM »
Hmm.  Not sure, I've never noticed this before.  I'm running Outpost Firewall and occasionally see that it is blocking port scan "attacks", but haven't seen this one, nor do I get a port scan when I fire up TF and start downloading tiles.

That IP is:

  Search results for: 64.105.163.108


    OrgName:    Covad Communications Co.
    OrgID:      CVAD
    Address:    2510 Zanker Rd.
    City:       San Jose
    StateProv:  CA
    PostalCode: 95131
    Country:    US


No idea who Covad is, but I think Terraserver is physically located in the bay area (can't confirm this, though), so it might be Terraserver related.

Let us know if you discover anything else, and I'll do the same.
Logged

Larry

  • Sr. Member
  • ****
  • Posts: 157
    • View Profile
Port scan upon tile download
« Reply #2 on: June 11, 2007, 09:38:04 AM »
Krein, my ISP purchaces DSL bandwidth from Covad, so ultimately my connection is through Covad. But that does not explain why a Covad server should do a port scan exactly upon the first tile download. Maybe Terraserver uses Covad?? Or maybe because I've got TF set for 20 connections and the Covad server is trying to figure out which ports on my computer to use?

Yup, 20 connections, and 'persistent connections' disabled. Works great with no slowing or stopping of the tile downloads after an initial flurry as had been the case using persistent connections.

Larry
Logged
Pages: [1]