Hackers/Port Scans!!!! Whats the story?

Im running McAfee Internet Security 7 and literally every minute I get port scanned from locations worldwide. Im in the UK and getting port scans from EVERYWHERE!!
When traced I can get their location and details and I have reported many to hackerwatch.org but Im unsure of what all this means and I would love someone to please explain what its all about...

I havent got any pirated music or DVDs etc, this is a recent install and I am running XP SP1. Literally every minute since last night it began and my event log has the IPs and what port they were pinging. It has been everywhere from Budapest, Austalia, Washington DC, NY, LA, Europe...the list goes on and its varied so it makes me think like my IP or account info has been like shared or up for display somewhere??

If anyone can please advise, it would be greatly appreciated.

I emailed McAfee but like usual, no response to queries.:bash:

Having not seen McAfee's program, I don't know how it sorts information on port probes, but can you tell what are the most common ones? The machines I monitor get 20-30 hits an hour, mostly automated scans from worm-infected computers looking for vulnerable computers to infect. Topping the list are ports 80, 135 & 445 thanks to Nimda, Code Red, & Blaster.

Hi Thanks,

Yeah, mostly those but in addition there is port 139 and then some really way out ones like 15266, 27260, 15266. I exported the event log from today which I emailed to McAfee. I can U2U you it if you like, it is crazy. Literally every minute from so many different locations and the trace bounces from one city to the next.

I have the latest updates (Except for Service pack2) and McAfee is fully updated and registered and I scan frequently and have detected nothing on my pc.

I use a program called AWSPS ( All Windows Security Port Scanner ) it traces, routing etc, etc, there are plenty of free port scanners out there.

from AWSPS info
port 80 is for World Wide Web
some common Trojans that use this port are
AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero and many more.

port 139 is for Net Bios,
some common Trojans that use that port are
Chode, God Message worm, Msinit, Netlog, Network, Qaz, Sandmind SMB Relay,

ports 15266, 27260 are not assigned
they can be used for anything.

port 135 is for Microsoft DCE endpoint resolution/location Service

port 445 is used for Microsoft-DS, It is used by windows 2000 for SMB over TCP and UDP concurrently or alternatively with the traditional implementation over ports 137, 138 and 139.

now this information is from the software AWSPS so it could vary between programs. but as long as you have a good firewall and virus program and don't open any files that you don't know or where not expecting that have exe extensions on them. You are still okay if you do get a file and you are not sure, right click it and run a virus check in most cases a virus program will capture the infected file and stick it in some type of quarantine.

Zenem I would suggest a good firewall that will allow you to run in full stealth mode I use ZoneAlarm Pro, it can be used for a week or so for free or you can download a free version


Intrusion Blocking systematically identifies hackers and
blocks access attempts.

Stealth Mode automatically makes your computer invisible to
anyone on the Internet.

Automatic Program Configuration provides safety and
simplicity by automatically configuring programs. Automatically
decides whether to allow or deny Internet access to individual
programs.

Expert Controls give savvy users precise control over
security settings

Anti-Virus


www.ezsecure.net...

Its scans on all those ports, but i just bought McAfee. I should have bought Norton because it also makes the pc invisible and i was deciding between the two.

I have the latest updates and the firewall seems pretty secure but I will definately look into ZoneAlarm as suggested.

Thanks