Products > Security

Startup port scan

(1/3) > >>

dunkemhigh:
Missus brought in a laptop used by a club, and on booting it my PC AV popped up to report a port scan from it.

Suspecting something nefarious, I've subjected it to a scan by Kaspersky's USB boot disk. Found nothing.

Is there anything on a W10 laptop (HP, if it matters) that might legitimately do a port scan of stuff on the local network on booting? It has AVG on it, but I'm pretty sure that doesn't do it.

Halcyon:
Unless it has a direct connection to the internet (which is very unlikely), it's highly unusual anything from the outside would be performing port scans on a machine that's behind a router. I'd need more information such as a screen shot of the message and any logs the AV is able to provide.

dunkemhigh:
Nothing from outside. My PC and the laptop both connected to the same LAN (laptop via WiFi, PC via cable) so no router involved and no Internet. PC AV pops up to say there's a port scan from the IP address that the laptop has acquired. I verify that the IP address is the one the laptop is using, but other than that I don't know anything more (it was promptly banned from the network).

I need to set up an isolated network and run a sniffer to see what's actually going on, but this is the first time anything has done this (so far as I know). It's not a look around the network to see what's there but scanning to find open ports on the PC.

Halcyon:

--- Quote from: dunkemhigh on July 21, 2022, 01:45:02 am ---Nothing from outside. My PC and the laptop both connected to the same LAN (laptop via WiFi, PC via cable) so no router involved and no Internet. PC AV pops up to say there's a port scan from the IP address that the laptop has acquired. I verify that the IP address is the one the laptop is using, but other than that I don't know anything more (it was promptly banned from the network).

I need to set up an isolated network and run a sniffer to see what's actually going on, but this is the first time anything has done this (so far as I know). It's not a look around the network to see what's there but scanning to find open ports on the PC.

--- End quote ---

Seems weird. Maybe just crap AV giving you false positives?

mag_therm:
Could be a virus on the computer  from the club.
I had linux boxes running on corporate LANs in various countries, that log all ssh attempts with the source ip and the user and pw.
Most come from certain countries, but have seen attempts from within the Lan from employee Win portables.

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version