reply to post by sumgai
Someone is just doing a port scan on you. Takes a bit to explain in laymen terms though.
First you have to know what a server is. Most of the time when someone says server they mean big computer. For a port scan though they mean the actual
software that's running on the big computer.
What the software does is it opens a port and listens for requests from other computers. When it gets one it sends those computers the data they
request. That's it.
Why ports? Well if you're poor folk like me you might only have one actual physical server. However, you can still run multiple virtual servers on
the same computer. You may run a web server and a email server on the same box or whatever servers you want.
Both would have the same IP address so you have to tell the server which port. Either the mail server or the web server. Most web servers run on port
80 so you don't usually have to type the port in when web browsing BTW. If you ever see something like :8080 in a url it means they're running on a
diff port than usual. Typically because the normal one isn't currently working on their system for some reason.
So that's what a port is. They're not real. They don't actually exist. It's just a number you tag on to the request you send the server so it
knows exactly which program you're trying to talk to because that comp may be running more than one virtual server.
There's two types of ports. TCP and UDP ports and they can be numbered from 0 to 65,535. Which type and which port are all used for different types
of data and servers.
What the hacker is doing is sending requests to each one of your ports to see if any of them are open. If anything is listening on the other side they
might be able to trick that software into doing something it's not supposed to. Like deleting all your files or something because there's a bug in
the server code that the hacker knows about.
Okay so, here's the real deal though. You're on a desktop PC. Not a server. That means you're not running any servers (typically) because you
don't have any data you want to serve to anybody. You're just connecting to other people's servers like ATS's or Googles.
So it's really really hard to break in through a port when nothing is listening. No matter what request they send it just gets dropped and disappears
into the ether. So they can't hack you right?
So, here's what they do. They create viruses like this Back Orifice thing. What it does is opens up a port and starts listening for the commands from
the hacker and does whatever the hacker tells it to.
That way, once you're infected the hacker can dial into your system and take control anytime he wants because he's got something there listening for
his instructions now.
What your firewall is telling you is that you're not infected by the virus and the port isn't open and is successfully being blocked, but somebody
is trying to look and see if it's running on your system.
Probably what's going on is some hacker is just plain bored and has written an automated script that goes around the net probing the net for random
IP addresses that are infected with this Back Orifice thing and if it finds one, it'll take control of that computer somehow. What your firewall is
telling you though is that you're protected from the jerk and it has given him the boot.
EDIT: Oh and if you wanna put another firewall wall or nat like the one built into most routers in between you and the wall you can block them there
before they get to your comp, but if you're wireless you're just gonna get weird stuff coming at you sometimes cause hackers are retarded and
EDIT AGAIN: Oh I guess Back Orifice actually does have some real legitimate uses for when you need to control a computer that you're far away from
but the hacker probably doesn't want to do anything legitimate with it.
[edit on 16-9-2009 by tinfoilman]