I keep getting blocked by my host at random times for 10 minutes. As you might imagine this is not good for development, project movement or my blood pressure.
I asked the host what the problem was and they replied:
Well thats as useful as a cheese sandwich to a drowning ferret.
So- assuming my system is fully protected (it is), why is my machine port scanning? what can I do to stop it and would the ferret at the sandwich anyway?
You mean that your computer does a port scanning? or that someone is scanning the porst in your computer? You may want to use a software like CommView to analyze the traffic from/to your computer.
Apparently my computer is scanning for ports @molona;
I will have a look at CommView :tup:
Make sure your antivirus and anti-malware/spyware apps are fully updated and then run full scans of the computer concerned just in case anything has slipped in without being noticed
Doesn't have to be port scanning per se, just a rogue program will do the trick as well -- I once had a MySQL GUI which could connect to a host via an SSH tunnel but the host would ban me every so often when I did this.
It's probably a rule in iptables, if so you/they should add a rule somewhere above that throttling rule that whitelists all data from the IP(s) you guys are connecting from.
To see all iptable rules:
iptables -L -n --line-numbers
To whitelist your IP
iptables -I INPUT <n> -s <YOUR IP> -j ACCEPT
Where <n> is a number lower than the throttling rule (most of the time this is the last rule of the chain).
So theoretically it could be anything from an FTP program, SQL gui or similar thats misfiring?
Its extendnet.co.uk who are hosting the sites. I have 8-10 sites hosted with them which I get blocked out of.
I'm sure its something on this laptop so as Lee suggested - full scan it is!
Well I haven't seen the firewall configs of course, but most of them have something like "If you make more than <x> connections in <y> seconds you will be banned for <z> seconds", which sounds an aweful lot like the problem you're having doesn't it?
This mostly happens when you do a port scan so that's probably why the host went for that. Maybe ask if they know which specific firewall rule you're breaking instead of the very generic "you are portscanning"?
Found that via a quick search, don't know if it'll help to narrow down the culprit
you could monitor your ports and network activity, for this I would recommend wireshark over commview - I've been using it for many years, even back when it was known as Ethereal. Great tool - and you may also have a look at Hijackthis and Ccleaner
In principle, it could be anything, even the MSN checking for new conversations... that's why I suggested that you observed your traffic. CommView allows you to see all the communications going in and out of your computer and network. Of course, the paid version does lots of things but the free one is more than enough and very complete
It would depend. If it's a submarine sandwich, then the ferret might find it very useful. :)[/ot]
This topic is now closed. New replies are no longer allowed.