Comments on: Microsoft Banned for Port Scanning

By: Ian Lee

Ian Lee — Tue, 26 Oct 2010 19:49:39 +0000

@eric & @bob, looks like this type of scanning may just be normal practice. It still seems odd that our firewall security is triggered by the practices of such large entities.

By: eric

eric — Tue, 26 Oct 2010 19:35:02 +0000

Yes, I realize this post is a year old.

I see what appears to be port scanning by msnbot quite a bit lately.

*Port Scan* detected from 65.55.3.135 (US/United States/msnbot-65-55-3-135.search.msn.com). 11 hits in the last 241 seconds – *Blocked in csf* for 3600 secs

By: Bob

Bob — Tue, 19 Oct 2010 04:29:15 +0000

Yup – same here.

Also seeing Google addresses. I have to assume that someone is either IP spoofing or triggering some remote application.

Do you get a list of ports being scanned? And the source port of the scanner?

All of my source ports are either 80 or 443, implying that the remote scanner is running as a privileged operation.

All of the local ports seem to be in the rpc range, the NFS ports and some RTP and RTSP. Nothing significant like SIP, HTTP, FTP or anything that you’d expect from a remote scan…

By: stefan

stefan — Wed, 19 May 2010 09:11:36 +0000

yes. i have had a similar experience, with microsoft ip’s scanning my ports in about bursts of 3 or 4 at 10 minute intervals. i don’t know what to make of it though, and in my search on info, i stumbled across this.