Advice Request Gdata detect a port scan...

[rainspell]

Hi,

yesterday Gdata IS, I used since 2 weeks tells me a port scan was detected on my PC. It was he first time I see a message like this...
Since 20 years, none of the software I used, from KIS to Avast IS, detected something like that...

What should I do ?
Isn't a port scan usually the first step of an attack ?

Best regards,
rainspell

 

[mekelek]

Hi,

yesterday Gdata IS, I used since 2 weeks tells me a port scan was detected on my PC. It was he first time I see a message like this...
Since 20 years, none of the software I used, from KIS to Avast IS, detected something like that...

What should I do ?
Isn't a port scan usually the first step of an attack ?

Best regards,
rainspell

can you go there and make a screenshot of the log entry that is about this notification?

 

[rainspell]

Hi,

the "funny" thing is that I wasn't able to find any log of this scan port...
Nothing was recorded on Gdata dashboard...

 

[mekelek]

Hi,

the "funny" thing is that I wasn't able to find any log of this scan port...
Nothing was recorded on Gdata dashboard...

I haven't seen something having a notification but no log entry with GData.

 

[rainspell]

I haven't seen something having a notification but no log entry with GData.

It's that that worried me a lot...

 

[Mahesh Sudula]

Nothing to worry...it's common with G data firewall since it's very paranoid after Dr web
The thing is when I ran Trend micro House Call to scan my pc..he detected the port scan as well...Kaspersky caught that too..

It's that that worried me a lot...

When an attacker uses Nmap or Wireshark around your region..depends on the impact of it..Since Even a Free firewall stealth ports to most extent...You are free from the trouble

 

[rainspell]

Nothing to worry...it's common with G data firewall since it's very paranoid after Dr web
The thing is when I ran Trend micro House Call to scan my pc..he detected the port scan as well...Kaspersky caught that too..

Thanks for your answer Firewall is on optimal : it could be the explanation. On medium level, Gdata may have not report anything.
I will wait and see if it occurs again.

 

[L0ckJaw]

Do you have a hardware firewall in your router ? if so then that one blocks attacks too.

 

[rainspell]

Do you have a hardware firewall in your router ? if so then that one blocks attacks too.

Yes, I am behind an hardware firewall ;-) But he is not as configurable as the Netgear router I used in the past : it is provided by my ISP.

 

[rainspell]

I just found the log - it was in the firewall logs, I haven't checked...

"Un ordinateur distant a analysé les services Internet (ports) ouverts de votre ordinateur. Le pare-feu a bloqué cette attaque.
Info réseau:
Réseau : Wi-Fi 2
Ordinateur distant : 172.217.19.46 (United States) (mrs08s03-in-f14.1e100.net (United States))"

In fact, I think there's nothing to worry about. A quick look at Whois : IP adress is one of Microsoft.
Good to see a firewall detect and block a legitimate request that some others AV will have let pass.
In matter of privacy Gdata seems to be very good

 

[abdou17]

Good to see a firewall detect and block a legitimate request/QUOTE]

A false positive is not a good thing

 

[Deleted member 65228]

A false positive is not a good thing

Case by case basis.

With a firewall it could be helpful because it shows the firewall component is a bit sensitive which means it could also aid in preventing a more sophisticated attack which would have surpassed other vendors who have a more strict firewall.

The downside is it is only helpful if you are already knowledgeable and experienced.