What to do about....Port Probes!!!???
LiquidDream
12-16-01, 10:28 AM
What better place to ask for help than from the Pros @ SpeedGuide!
I just installed BlackIce on my system and man was I shocked!!!
Within the span of 10 min, I had 4 Sub Seven Probes and 8 Port probes!!!
Now I know that this is probably a lame question for U pros out there, but what do I do???
BlackIce is blocking them, and I have their DNS, ISP, IP, and MAC.
Do I report them to their ISP?
Is it possible to email them?
Do I just ignore them?
If we don't stop them, won't all of these probes slow down my line speed that you guys have helped me establish?
Would really like to email them and tell them off, but I'm open to Ideas.
LiquidDream
I would venture to state that most of us just ignore them. Our firewalls are stopping them so no harm done.
If you go the route of complaining and writing emails to abuse lines, you'll spend all your time doing just that. These scans are constant, 24/7
They never go away so use your time for better things :)
A lot of them are in countries that won't listen anyway. ISP's don't make much money when they cancel services.
Originally posted by Norm
I would venture to state that most of us just ignore them. Our firewalls are stopping them so no harm done.
If you go the route of complaining and writing emails to abuse lines, you'll spend all your time doing just that. These scans are constant, 24/7
They never go away so use your time for better things :)
A lot of them are in countries that won't listen anyway. ISP's don't make much money when they cancel services.
Exactly as Norm has stated. I see at least 100 to 125 hits in any given week. They are annoying, but unless your computer has been compromised, you might as well learn to live with the probes. ;)
I'd like to add that since I installed a router, my software firewall (ZoneAlarm) rarely gets any hits. Most come from my other PC broadcasting, the others are just web sites pinging me back when I close my browser.
Get yourself a router and you'll be more secure.
Blebbs, do you have a router?
Nope, No router here.
If I had some really important things on here, I would secure it better. I have nothing of importance, so if I'm compromised, I can live with it temporarily. :)
Originally posted by blebs99
so if I'm compromised, I can live with it temporarily. :)
I'm sure you can :)
If you're anything like me, you've learned your lesson about keeping backups, and using security tools.
Later blebbs :)
First of all, BlackICE is a horrible firewall. There's tons of malicious attacks that can slip right through BlackICE's defenses undetected. If you want a good software firewall, use ZoneAlarm Personal Edition (http://www.zonelabs.com/), or my personal favorite Tiny Personal Firewall (http://www.tinysoftware.com/). Both are free, and they work much better than ZoneAlarm. Even better, get a hardware firewall, I recommend the Linksys BEFSR41 (4 Port) and BEFSR81 (8 Port) routers, both provide a great amount of security, speed, and features.
Now that I'm done ranting about BlackICE's lack of security and pimping my favorite products, I'll answer your question. I've done my fair bit of cracking in the past, nothing to damage anyone's systems, but mostly out of curiosity... you know, just snooping around their PC and not touching anything. Port probing is nothing you should be ultimately concerned about. I'll try to explain how port probing works... here goes.
When a cracker wants to find a random computer to compromise, he or she will perform a port probe on a range of IP addresses. This is usually a random range of small to medium-large proportions, depending on how patient the cracker is. After the port scan is completed, a list is generated of all the compromisable computers in that port scan. This list usually consists of thousands of computers, and one unlucky winner is selected. Getting compromised from a random port scan carries similar odds to winning the lottery, it's a pretty fat chance of you getting compromised... and if you DO happen to be the one selected, chances are that the cracker won't really do anything at all.
Crackers like myself do this for fun, a challenge to ourselves, and very seldomly do we intentionally do any damage. Like I said, it's mostly just for curiosity, and the thrill of getting into someone's system... damaging someone's computer could get us into a lot of trouble if we were caught, which is why we usually just look around the computer for five minutes and then leave. Crackers are always port scanning left, right and center, so getting 200+ hits per week in your logfiles is considered normal.
However, this is not always the case. Some crackers do targeted port scans to specific computers, usually on someone's computer that might have a lot of valuable content to either steal or destroy, depending on the cracker's intents. This being said, watch your back when chatting on IRC or through instant messengers, and don't make anyone exceptionally angry for whatever reason.
A common misconception that Internet users have is that they're anonymous. This could not be further from the truth, anyone with enough skill and aptitude can and will attack your computer if they want to. Just a word of warning to all of you reading this, don't try and act like the big tough guy when on the Internet, that's considered "asking for it" by many malicious crackers. It's like walking around downtown carrying a sign that says "nobody can kick my ass", eventually someone's gonna walk up and prove you wrong.
Use your manners and common sense, keep a low profile, and remember that you're not the least bit anonymous on the Internet... and you won't have to worry about any problems like this. Most of all, just in case someone does want to break into your computer, make sure it's properly secured! I cannot stress this enough.
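Added example, not part of any post in this thread: a small triage script for the distinction drawn above between random sweeps and targeted scans, grouping blocked probes by source and flagging any source that tried many different ports on one machine. The log layout, the sample addresses and the threshold of 5 ports are assumptions made for illustration; 27374 is the default SubSeven port.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up "time action proto src:port -> dst:port"
# layout; real firewall logs differ, so adapt LINE_RE to your product.
SAMPLE_LOG = """\
2001-12-16 10:18:02 BLOCK TCP 198.51.100.23:3310 -> 192.0.2.10:27374
2001-12-16 10:19:40 BLOCK TCP 203.0.113.9:1045 -> 192.0.2.10:27374
2001-12-16 10:21:11 BLOCK TCP 203.0.113.77:4402 -> 192.0.2.10:21
2001-12-16 10:21:11 BLOCK TCP 203.0.113.77:4403 -> 192.0.2.10:23
2001-12-16 10:21:12 BLOCK TCP 203.0.113.77:4404 -> 192.0.2.10:25
2001-12-16 10:21:12 BLOCK TCP 203.0.113.77:4405 -> 192.0.2.10:80
2001-12-16 10:21:13 BLOCK TCP 203.0.113.77:4406 -> 192.0.2.10:139
2001-12-16 10:21:13 BLOCK TCP 203.0.113.77:4407 -> 192.0.2.10:445
2001-12-16 10:25:30 BLOCK UDP 198.51.100.23:3311 -> 192.0.2.10:27374
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^\S+ \S+ BLOCK (?:TCP|UDP) (?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

def ports_by_source(log_text):
    """Map each source IP to the set of distinct destination ports it tried."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not a blocked-probe record
            seen[m.group("src")].add(int(m.group("dport")))
    return dict(seen)

def triage(log_text, focused_threshold=5):
    """Label each source: few ports = background sweep, many = focused scan.

    focused_threshold is an arbitrary illustrative cut-off, not a standard.
    """
    result = {}
    for src, ports in ports_by_source(log_text).items():
        label = "focused" if len(ports) >= focused_threshold else "background"
        result[src] = (label, sorted(ports))
    return result

if __name__ == "__main__":
    for src, (label, ports) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:15} {label:10} ports={ports}")
```

Sources labelled "background" are the one-port sweeps the posts above describe as constant noise; a "focused" source is the one worth a second look or an abuse report.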
MousePotato
12-20-01, 11:34 AM
First of all, BlackICE is a horrible firewall. There's tons of malicious attacks that can slip right through BlackICE's defenses undetected. If you want a good software firewall, use ZoneAlarm Personal Edition (http://www.zonelabs.com/), or my personal favorite Tiny Personal Firewall (http://www.tinysoftware.com/). Both are free, and they work much better than ZoneAlarm. Even better, get a hardware firewall, I recommend the Linksys BEFSR41 (4 Port) and BEFSR81 (8 Port) routers, both provide a great amount of security, speed, and features.
Tiny is a good FW and ZA is also, BID is also a good FW but saying it's horrible seems a bit rough, I use BID (server version) and have nought a problem, the only big hype ZA has is it blocks outgoing ...well whoopDeDo...I know what's on my machine, and I also have common sense when using the internet.
BID for server is a top-notch FW/intrusion detection system that I will continue to support. Phooey on all the others!
Crackers like myself do this for fun, a challenge to ourselves, and very seldomly do we intentionally do any damage
Thank you very much for that intuitive look into the mind of a high skilled ex-cracker.
Just a word of warning to all of you reading this, don't try and act like the big tough guy when on the Internet, that's considered "asking for it" by many malicious crackers. It's like walking around downtown carrying a sign that says "nobody can kick my ass", eventually someone's gonna walk up and prove you wrong
Don't worry, knowing that people of your skill and persona are out there p0rt scanning for computers to crack will make me keep my mouth shut.
Again thank you for this look into the mind of a true cracker.
regards,
greEd
Thorazine
12-20-01, 02:13 PM
Attacking BID because you can "slip right through" it gives the reader the impression that BID is the only Port Monitor that this can be done to. That is not the case.
Any one of the personal port monitoring products you have mentioned can be compromised in the same fashion. By impersonating a service/app/computer/user that the product(s) have deemed "trusted" in one form or another, the cracker/hacker/attacker can gain access to the target machine. Also, running any services/apps on the target box that have their own flaws is another very easy way to bypass the software. Running IIS, IRC, IM software, or any software that has a machine compromising hole, renders the "firewall" software useless. These are $40/Free products. They all do just about the same thing.
I'm sure I've started the age old debate on incoming/outgoing traffic monitoring yet again. However, remember that is not my point. Regardless if the product monitors all/some/none of the traffic visiting your machine, all of the products are still susceptible to attack because of the way they have been designed.
Whoever's product you decide to "pimp", remember you're only getting a maximum of $40 dollars worth of security.
MousePotato
12-20-01, 07:54 PM
Originally posted by Thorazine
Attacking BID because you can "slip right through" it gives the reader the impression that BID is the only Port Monitor that this can be done to. That is not the case.
Any one of the personal port monitoring products you have mentioned can be compromised in the same fashion. By impersonating a service/app/computer/user that the product(s) have deemed "trusted" in one form or another, the cracker/hacker/attacker can gain access to the target machine. Also, running any services/apps on the target box that have their own flaws is another very easy way to bypass the software. Running IIS, IRC, IM software, or any software that has a machine compromising hole, renders the "firewall" software useless. These are $40/Free products. They all do just about the same thing.
I'm sure I've started the age old debate on incoming/outgoing traffic monitoring yet again. However, remember that is not my point. Regardless if the product monitors all/some/none of the traffic visiting your machine, all of the products are still susceptible to attack because of the way they have been designed.
Whoever's product you decide to "pimp", remember you're only getting a maximum of $40 dollars worth of security.
So....what's your point?
Thorazine
12-21-01, 09:59 AM
"Regardless if the product monitors all/some/none of the traffic visiting your machine, all of the products are still susceptible to attack because of the way they have been designed."
BID is not the only one with this issue.
What part of my message did you not understand?
Anyone have an online store link to the router that they suggest for a 3 computer home network? Thanks
MousePotato
12-21-01, 11:10 AM
Originally posted by Thorazine
"Regardless if the product monitors all/some/none of the traffic visiting your machine, all of the products are still susceptible to attack because of the way they have been designed."
BID is not the only one with this issue.
What part of my message did you not understand?
Hey, I understood... I just asked what's your point?
Thorazine
12-21-01, 11:44 AM
:rolleyes: ?