[Joeteck]

Yes, strangely enough, Google does its own port probing to gather data about where the users are from. I guess thats how it can find pretty much any file any where.

And guess what? I have proof of this.

port scan dropped - Source:66.102.1.91, 80, WAN - Destination:192.168.1.150, 1914, LAN - TCP scanned port list, 1911, 1916, 1912, 1913, 1915 -

One of my internal users went to google's home page, and whamo! Port scan!!!

port scan dropped - Source:66.249.81.99, 80, WAN - Destination:192.168.1.142, 2174, LAN - TCP scanned port list, 2168, 2169, 2170, 2171, 2172 -

port scan dropped - Source:64.233.179.91, 80, WAN - Destination:192.168.1.108, 2465, LAN - TCP scanned port list, 2462, 2468, 2469, 2469, 2469 -

Take the source IP address and put it in your browser...

I'm dumbfounded!

[Jon]

That how a web crawler operates. Google utilizes a farm of "Googlebots" that do nothing but request on port 80 and download everything that it's able to.

If you visit Google, it's going to return the favor and see if you host too.

[Joeteck]

Quote:

Originally Posted by Jon

That how a web crawler operates. Google utilizes a farm of "Googlebots" that do nothing but request on port 80 and download everything that it's able to.

If you visit Google, it's going to return the favor and see if you host too.

Wouldn't that be fringing on my privacy? I did not ask or allow them to look at my stuff??

EDIT: Port 80 would be fine... But its looking else where...!!!!!!!!!!!!

[Jon]

Google operates within the RFCs pertaining to public websites. If you have a website that ends up on Google, then your website did not meet the bare minimums in regards to the RFCs for private webhosting (it doesn't require much either).

Also, Google does not blindly scan IP addresses...it follows links. Yes, they started from somewhere and will scan if you visit, but almost all of the content that is available on Google is a result of a link from another site.

Fact is, the Internet is public domain and everything placed upon it is done so with the premise that it is for public viewing. It is up to the user to secure it.

[Joeteck]

Did you even look at the logs? The destination is my internal network. A non routable IP assigned to users workstations..

[thideras]

Quote:

Originally Posted by Joeteck

Did you even look at the logs? The destination is my internal network. A non routable IP assigned to users workstations..

Well...think of it this way.

You leave your car parked in a city...unlocked.

People can easily come up and open the door and look around.

It is your responsibility to lock your car.

If someone tried to get in your locked car, that is a whole different matter.

[Jon]

You don't have port forwarding set up?

[Joeteck]

I'm safe, it the principle of the port probing. Google can do it all day long... My router drops all of these attempts... But what if you did not have a good firewall? Its those people I feel sorry for. I could see probing port 80, but 1900's and up? come on Google? That may be stretching the RFC just a little...

[thideras]

Quote:

Originally Posted by Joeteck

I'm safe, it the principle of the port probing. Google can do it all day long... My router drops all of these attempts... But what if you did not have a good firewall? Its those people I feel sorry for. I could see probing port 80, but 1900's and up? come on Google? That may be stretching the RFC just a little...

Well, it is the network owner's responsibility to secure the network

[Jon]

Robots.txt protocol was also formed in '94 to prevent web scavenging. Problem is, not enough 'web admins' spend any time learning the security side of web serving.

[Smokeys]

Quote:

port scan dropped - Source:66.102.1.91, 80, WAN - Destination:192.168.1.150, 1914, LAN - TCP scanned port list, 1911, 1916, 1912, 1913, 1915 -

Everybody has missed what this log is actually saying.

This isn't Google connecting to Joeteck, this Joeteck connecting to Google.

Look at who is on port 80, Google is, they are connecting back to Joeteck on port 1911,1916, etc. This is normal. When you open a TCP connection anywhere you also open a source port (any port available over 1024) to receive back data.

The cause of this is a REALLY bad random source port selection your computer open a series of source ports close together which trigged your IDS's port scanning detection.