Why?
 

deepblue

What you have just said has a certain ring of truth and I would like to believe that all these foreign government agencies, local/city authorities, colleges, etc. are just port scanning my IP address (or scanning a range of IP addresses).

However, just seeing if you have port 6346 open doesn't seem to tell the whole story because if my port is open then what business is it of theirs? It seems to me that the reason for port scanning is just not only to see if ports are open but to look for vulnerable PCs to infect with a Trojan, that way your activities can be monitored and a report sent back to the Trojan's originator.

Port scanning for port scanning sake makes no real sense for statistical purposes only, therefore I feel that there must be some other motive behind their constant port scanning activities.

Finally, I will take your advice and not get too alarmed by what my various logs tell me, now that I have PeerGuardian.




UK Bob

Yes there is. They port scan to find IP addresses with port 6346 open. Any computer that returns a SYN/ACK or ACK packet (or an RST, PSH, or FIN packet depending on the type of scanning they are using) gets thier IP address added to a list. From there it can be used for just about anything. The agencies can use it see how many files you are sharing, and what they are. Or they can use the open port to deliver advertisments, spyware, or even gain unauthorized access to your computer. The job of a firewall and PG are to close/monitor open ports, and block all incoming TCP packets from prying agencies. I hope this helps.

deepblue

Port Scanning and Malware Planting.
 

Dear All

Over the past few days (21, 22 April) the PeerGuardian block list server was down, at the time I did not realise this and started my usual (early) weekend P2P-ing

Friday morning I noticed that MS AntiSpyware found five instances of NS Keylogger on my PC, two of those instances I now believe were false positives (uninstallers):

C:\Program Files\PeerGuardian2\unins000.exe
C:\Program Files\SpywareBlaster\unins000.exe

However, the other three instances cannot be dismissed as easily, leading me to suspect that one of those "agencies" that are constantly crawling down the 6346 port, and are usually kept out by PG2, probably planted this keylogger.

I believe I made a silly mistake in not realising that the block lists that my copy of PG2 used were solely online, so when the PeerGuardian server went offline, a window of vulnerability opened on my PC.

I have now nailed this window shut, and in order to protect my PC, by updating my PG2 with locally installed block lists (from Blocklist.org) now I am no longer dependant on the online lists as I was (unknowingly) before.





UK Bob

Hi
Peerguardian sounds interesting but a question ? can I use it alongside my McAfee Firewall.
Your help would be appreciated.

hitbit

PeerGuardian & Firewall
 

Hitbit

I use PeerGuardian along side Norton Personal Firewall 2005 so there should be no problem with McAfee or any other Firewall.



UK Bob

Perhaps its like a hole in a fence to them.
They can't pass that hole without having a look.
Seriously these people probably spy all the time if only to eliminate us from their inquiries

hitbit

PG w/ McAfee
 

Np, I am using McAfee Pers Firewall & Peer Guardian. They play nicely with one another :)

I have been using PG for some time now and have seen similar organizations being blocked from port 6346.Could it be someone inside the organization trying to use Limewire as we are and being blocked because of the ip address?For example someone from the City of Thunder Bay,ON Canada has continually tried to connect to my port and been blocked. I don't think the RIAA has any spies in Thunder Bay its just that all cities are on the blocklist.

I have been using PG for over a year and continued to use the original program through their dispute over ownership. I see this mess is resolved now, is my PG up to date or do I need to download a new program?

Thanks Dan

Also I use PG alongside Sygate and it works fine

Dan

PG will tell you if there is a new program available when you update your block lists.

However, PG2 is now available so, I guess, that is the one you should be now using.



UK Bob

Interestingly PeerGaurdian does an excellent job of blocking my access to this website.