NationStates Jolt Archive


Department of Defense Portscan

Rumerik
26-03-2006, 11:51
A friend of mine told me today that Norton Anti-Virus blocked an attempt by the Department of Defense to portscan her computer. What happened is while we were talking over AIM a window alerting her of a blocked portscan appeared and gave her the IP address of the intruder. She then went online and found a program ( http://www.arin.net/whois/ ) that gave her the identity of the IP address. I wish I had the IP address itself, she gave it to me to enter into the program and the result was the DoD, unfortunately I already deleted the window *sigh*. I'm confused about this, what does it mean? Is this legal? Why would the DoD do this exactly? Any help would be much appreciated.

For those who don't know (I didn't) the definition of a portscan
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214054,00.html
Philosopy
26-03-2006, 11:53
Well, either your friend is an international terrorist or it's just the 'background noise' of the internet. Firewalls come up with all these alerts all the time, just ignore them.
JiangGuo
26-03-2006, 11:54
That is most likely Internet Background Noise.
(joke)
And no, those men in black suits outside do not mean you any harm.
Rumerik
27-03-2006, 00:46
Strange, I've never had anything like that before. I'd still like to know more about it before I dismiss it entirely, I don't feel comfortable being entirely ignorant of it. I don't even know what you mean exactly by "background noise" of the internet. I mean are you saying that this attempted portscan was just inadvertently carried out without any real purpose? Or it wasn't even really a portscan at all? Or etc etc.?

I'm sorry, I'm obviously fairly computer illiterate.
Katganistan
27-03-2006, 00:55
I would say it's probably just her firewall set to be too sensitive. I get "portscans" from my ISP all the time with ZoneAlarm Pro.
The South Islands
27-03-2006, 01:17
http://www.theregister.co.uk/2005/02/22/warning_black_helicopters.gif
The Jovian Moons
27-03-2006, 01:40
Does your friend have any extreme ideas? Any antiwar or anti gov movements? Any of those could be reason to check her computer. But if Norton can block the DoD, well let's just say it doesn't bode well for the future.
Dissonant Cognition
27-03-2006, 01:47
I don't like the definition provided by the link posted above, because it fails to describe the positive and legitimate uses of port scanning and other methods used to secure and protect computer systems. Try this description instead: http://en.wikipedia.org/wiki/Port_scanning .

A common criticism leveled against "personal firewalls (http://en.wikipedia.org/wiki/Personal_firewall)" like your friend has is that they often make a big deal ("Hackers are taking over your computer!!!! :eek: :eek: :eek: ") out of either meaningless or innocent internet traffic. Edit: Then again, just yesterday the personal firewall running on my computer silenced and helped me identify and remove some spyware that would have otherwise compromised my computer. The little light indicating incoming traffic on my router/firewall is constantly blinking, indicating attempts to initiate communications. But probably most of that traffic is essentially meaningless noise, not necessarily attempts to do harm.

Additionally, incoming traffic from the DoD does not necessarily mean that the DoD is acting in an official manner. It doesn't even necessarily mean that someone is acting maliciously. Some random person sitting at his desk somewhere typed an IP address wrong. Some random office worker isn't careful with his/her e-mail and a virus or worm got loose. It's also entirely possible that someone is spoofing (http://en.wikipedia.org/wiki/Spoofing_attack), that is, pretending to be the DoD in order to cover his/her true identity. Any number of possibilities can explain what was observed.

Whatever the case, the best defense is to continue using a firewall, continue regular virus and spyware scans, and continue keeping the operating system and other software up-to-date.
Rumerik
27-03-2006, 09:07
Thanks a lot everyone, I think I understand the situation much better now.