PPTP Malformed Scan Question



Rookie
04-20-00, 06:09 PM
i originally asked this question over in the cable modem forum and got some good feedback...but, i still have some questions about this type of scan and thought i would pursue it under the proper forum this time...i've read the info about this type of scan in the blackice documentation but it's not clear to me yet (lamer here) whether this scan was directed specifically at my box or just a general scan. the severity level on the pptp scan i got was "79" which is the highest i've ever had. should i take additional safeguards against the ip that scanned me or am i ok with blackice...i would sure appreciate any advice/comments on this matter....thanks, rookie

chacmool
04-20-00, 07:52 PM
1. Don't remember your other post...what was it? I would like to read it.

2. Have you gone to www.arin.net (http://www.arin.net) or www.geektools.com (http://www.geektools.com) to find out who has the IP that zaps you at 79? I run BlackIce also & have had UDP port probes too, only at 39. 79 would sure get my attention!

I also have ZoneAlarm & got some port probes today. Wish I understood....

[This message has been edited by chacmool (edited 04-20-2000).]

Rookie
04-20-00, 08:19 PM
my original post was yesterday (4-20) "scanning question"...yes i know the ip address of the scanner and i've traced it using neotrace...my real concern with this type of severity (79) is whether i should take additional safeguards against this ip or whether blackice is sufficient to ward off this type of attack...if this is a deliberate attack at my box i would like to know...i know i can send the evidence file to this person's isp but i would like to learn more before taking any action...plus i don't want to overreact if it's not necessary

chacmool
04-20-00, 09:25 PM
I was talking to someone earlier this afternoon & his slant/opinion on this subject (not your particular events) was that there are people that just pick out a block of IP addresses & randomly do their thing. If they find an easy prey (whatever that means to the hacker types), then they proceed(?)

What the heck, I can go to arin or neotrace or ... & make up an IP...put it in ...find out who it's registered to...start my attacks...those hackers/slackers have the same access we do.

Anyway, if it was me, I would be calling (in fact I already have) the security people at my ISP & work thru them. After all, the slackers are going through our ISP's to get to us!!! I've already mentioned this on other posts on this forum. You might want to read the post below "watch out!!@tech boys will nuke your modem"; it's long but has some good opinions on this subject.

Again, it's the security or internet fraud or internet abuse group @ your ISP; not tech support.
Again, the pinche pendejos are going thru our ISP's & they(the ISP's) want to stop this MIERDA also!!
(Any Mexican can translate my swear words ...tell them you got it off the net from a Chilango,[nothing to do with Chicago] in DFW area of Tejas)

Didn't understand DID's answer, of course didn't understand it a few weeks ago when I went to the BlackIce help section either.


Forgot, read q000158 at BlackIce knowledge base...talks about how it stops attacks & attacks in general. It's next in line to the one DID referenced to you on severity calculations.

[This message has been edited by chacmool (edited 04-20-2000).]