Advice Request Gdata detect a port scan...

Please provide comments and solutions that are helpful to the author of this topic.
Status
Not open for further replies.
R

rainspell

Level 1
Thread author
Verified
Mar 18, 2018
20
54
29
France
Hi,

yesterday Gdata IS, I used since 2 weeks tells me a port scan was detected on my PC. It was he first time I see a message like this...
Since 20 years, none of the software I used, from KIS to Avast IS, detected something like that...

What should I do ?
Isn't a port scan usually the first step of an attack ?

Best regards,
rainspell
 
rainspell said:
Hi,

yesterday Gdata IS, I used since 2 weeks tells me a port scan was detected on my PC. It was he first time I see a message like this...
Since 20 years, none of the software I used, from KIS to Avast IS, detected something like that...

What should I do ?
Isn't a port scan usually the first step of an attack ?

Best regards,
rainspell
Click to expand...
can you go there and make a screenshot of the log entry that is about this notification?
Ps1Ei2.png
 
  • Like
Reactions: CloudyDefense, abdou17 and harlan4096
Hi,

the "funny" thing is that I wasn't able to find any log of this scan port...
Nothing was recorded on Gdata dashboard...
 
rainspell said:
Hi,

the "funny" thing is that I wasn't able to find any log of this scan port...
Nothing was recorded on Gdata dashboard...
Click to expand...
I haven't seen something having a notification but no log entry with GData.
 
Nothing to worry...it's common with G data firewall since it's very paranoid after Dr web
The thing is when I ran Trend micro House Call to scan my pc..he detected the port scan as well...Kaspersky caught that too..;)

rainspell said:
It's that that worried me a lot...
Click to expand...
When an attacker uses Nmap or Wireshark around your region..depends on the impact of it..Since Even a Free firewall stealth ports to most extent...You are free from the trouble
 
Last edited by a moderator:
Mahesh Sudula said:
Nothing to worry...it's common with G data firewall since it's very paranoid after Dr web
The thing is when I ran Trend micro House Call to scan my pc..he detected the port scan as well...Kaspersky caught that too..;)
Click to expand...

Thanks for your answer :) Firewall is on optimal : it could be the explanation. On medium level, Gdata may have not report anything.
I will wait and see if it occurs again.
 
Do you have a hardware firewall in your router ? if so then that one blocks attacks too.
 
  • Like
Reactions: frogboy
I just found the log - it was in the firewall logs, I haven't checked...

"Un ordinateur distant a analysé les services Internet (ports) ouverts de votre ordinateur. Le pare-feu a bloqué cette attaque.
Info réseau:
Réseau : Wi-Fi 2
Ordinateur distant : 172.217.19.46 (United States) (mrs08s03-in-f14.1e100.net (United States))"

In fact, I think there's nothing to worry about. A quick look at Whois : IP adress is one of Microsoft.
Good to see a firewall detect and block a legitimate request that some others AV will have let pass.
In matter of privacy Gdata seems to be very good:love:
 
  • Like
Reactions: upnorth, Mahesh Sudula and amico81
abdou17 said:
A false positive is not a good thing
Click to expand...
Case by case basis.

With a firewall it could be helpful because it shows the firewall component is a bit sensitive which means it could also aid in preventing a more sophisticated attack which would have surpassed other vendors who have a more strict firewall.

The downside is it is only helpful if you are already knowledgeable and experienced.
 
  • Like
Reactions: ZeroDay, mlnevese, abdou17 and 1 other person
Status
Not open for further replies.

You may also like...