Port Scan Detected and Blocked! - Bitdefender 2014

  • I have Bitdefender Total Security 2014.

    Recently I have been getting the message/alert "Port scan detected and blocked". I did not care about it much until I getting more especially in a specific timee. I was shocked when I saw the External IP of the attacker is from the same country where I am; so it's not a robot or virus, it's a hacker and I am his target. Can the hacker break my security and access my computer if he found an opened port?

    How to block port scanning by hackers? I have heard of NMap but I am not network specialist.

    If my anti-virus and firewall are not the best, what do you recommend for me? All internet is saying Bitdefender is one of the best (if not the best!). But I have asked a specialist and he said "COMODO".

    What configurations should I set on my router to help regarding this problem? Should I allow the following settings or not?
    IGMP Snooping
    IGMP Snooping
    QoS

    I have disabled UPnP
    Wifi password encrypted "WPA2-PSK"
    I have enabled: ICMP Flooding, SYN Flooding and ARP Attack but I think my internet connection getting slower!
    http://prntscr.com/5fabgc

    Not a permanent solution, nor an answer to your question, but call your ISP and ask them to change your IP address, and see if the attack goes away.

    A few important questions: 1. Are you behind a router, or is your computer directly connected to a modem? If you are behind a router, have you verified that your router's firewall is enabled? 2. Are you using WiFi? If so, is it protected with WPA2 and a strong passphrase?

    We do not give recommendations for products. Nmap will not prevent scanning, it is itself a scanner. Just because the IP is from your country doesn't mean it is not a robot or virus.

    @IQAndreas, I can change my IP by restarting the modem/router but I still get a Port Scanning.

    @IQAndreas, I have enabled the firewall, DosAttack but doesn't help, I think it made my internet connection slower!

    Can you find a "port forwarding" section in your router configuration? Most routers should have it. Check to see if anything is listed there. Also can you provide the model of your router?

    @user54791, router is "Huawei HG658B" VDSL version. I am searching for the "port forwarding".

    @user54791 Can only find Port Mapping and Port Triggering http://prntscr.com/5fsts9

    “the External IP of the attacker is from the same country where I am; so it's not a robot or virus, it's a hacker and I am his target.” That's a non sequitur.

  • This likely isn't as bad as it sounds. If you have your computer plugged directly in to the modem, random port scanning of IP addresses on the internet is extremely common. On my web server, I get about 30 to 100 invalid login attempts a day trying to get on my system.

    Hackers look for low hanging fruit, so they will scan large swaths of the Internet looking for vulnerable systems. Just because you are seeing activity like this does not mean you are being targeted.

    It does, however, illustrate the importance of protecting yourself from intrusions. I would recommend getting a router with a firewall and set that up to prevent attackers from being able to directly attempt to access your computer. This strategy is called defense in depth (now rather than simply exploiting your computer, they must first exploit the router and then try to exploit your computer and that gives you time to detect your router is compromised) and it will help protect you from attacks and prevent the port scans from reaching your computer (as they will instead be hitting the router's WAN port firewall instead.)

    According to the OP the computer is behind a router, so random port-scanning bots should not be getting through.

    @user54791 that's assuming that the router is actually a NAT router and not just a basic network router. Depending on the type of router, it may just be putting them on the same network as his cable modem and his cable modem may just be handing direct IPs to each computer on the network.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used