My network got attacked 80 times in 1 minute. Networkattack Scan.Generic.PortScan.TCP has been blocked Tcp from 89.248.174.199 to port xxxxx.

[Dansken]

This has been going on for too long now..

I don't know exactly how long its been, but i would say at least for a few months now I've gotten notifications from Kaspersky every other day or so that my networks has been attacked, although the attacks are blocked i am worried i might be targeted or something. At the start, when the attacks occurred i was just like “nice Kaspersky is taking care of business”, but I'm still getting attacked.

Today i got attacked about 80 times in one minute(DDoS?), likewise the other multiple times this has happened its multiple attacks at the same minute. 

It says: The Networkattack Scan.Generic.PortScan.TCP has been blocked

Tcp from 89.248.174.199 to port xxxxx

 

Please help, what can i do to stop this?  

[Flood and Flood's wife]

Hello @Dansken, 

Welcome!

1. When you block 89.248.174.199, what specified period of time are you selecting?

If the block you’ve applied is working, you’re safe, unfortunately, if there’s an attack, it’s not possible to control what they are doing, you can report them. 

ip 89.248.174.199 has been reported a total of 659 times from 150 distinct sources. 89.248.174.199 was first reported on July 10th 2019, and the most recent report was 13 hours ago.

According to @Anton Mefodys 

If the option to block the IP address for specified period of time does not work, Kaspersky Support will need to assist/investigate - please log a case, follow the Application malfunction, Other template as in image 2, include: 

1.  A detailed history
2. What caused the problem?
3. Did you try to solve the problem? How?
4. Text from an error message? Screen shot? Video?
5. Community topic URL?
6. Support may request data & logs, they will guide you:

• After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
• When feedback from the Kaspersky Technical Team is available, please share it with the Community? 

 

According to @Friend 

quote:

Scan.Generic.PortScan.TCP may be real attacks or a false positive if the same conditions are present in the traffic that are suitable for the attack. The attack should be perceived in a different way than usual - it is simply scanning for what network services are installed on the computer and running, from which the attacker can conclude which services may be vulnerable and take further action. By itself, this attack does nothing wrong.
These attacks can come from a single computer or from multiple computers (hosts) if the scan port is launched from multiple machines. Usually this is some utility like nmap.

He’s suggested the following resources:

• https://encyclopedia.kaspersky.com/glossary/port-scanning/
• https://threats.kaspersky.com/en/threat/Scan.Generic.TCP/
• https://threats.kaspersky.com/en/class/Scan/

unquote

Thank you🙏

Flood🐳+🐋

[maxmathew]

Hi,

 

According to your post, this “network attack” notifications has been happening for a long time you said. Do you remember if you installed a new program or not before this “network attack” notification  began .. ? Even if you were being attacked by port scans, this doesn’t take for a long time, doesn’t take especially for months. This must be something related with installed programs or likewise.. Maybe you installed a program or a game maybe, and the game or program’s connection tries are being detected as “network scan” or something like that.. I would advise you to search your installed programs and one by one uninstall them, and in every uninstallation time, investigate when these attack notifications stop..  I can advise you in this way.. Or you can format your pc and reinstall Win10, this will most probably solve your problem.. :) 

 

Sincerely..

[Dansken]

Hello @Dansken, 

Welcome!

1. When you block 89.248.174.199, what specified period of time are you selecting?

If the block you’ve applied is working, you’re safe, unfortunately, if there’s an attack, it’s not possible to control what they are doing, you can report them. 

ip 89.248.174.199 has been reported a total of 659 times from 150 distinct sources. 89.248.174.199 was first reported on July 10th 2019, and the most recent report was 13 hours ago.

According to @Anton Mefodys 

If the option to block the IP address for specified period of time does not work, Kaspersky Support will need to assist/investigate - please log a case, follow the Application malfunction, Other template as in image 2, include: 

1.  A detailed history
2. What caused the problem?
3. Did you try to solve the problem? How?
4. Text from an error message? Screen shot? Video?
5. Community topic URL?
6. Support may request data & logs, they will guide you:

• After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
• When feedback from the Kaspersky Technical Team is available, please share it with the Community? 

 

According to @Friend 

quote:

Scan.Generic.PortScan.TCP may be real attacks or a false positive if the same conditions are present in the traffic that are suitable for the attack. The attack should be perceived in a different way than usual - it is simply scanning for what network services are installed on the computer and running, from which the attacker can conclude which services may be vulnerable and take further action. By itself, this attack does nothing wrong.
These attacks can come from a single computer or from multiple computers (hosts) if the scan port is launched from multiple machines. Usually this is some utility like nmap.

He’s suggested the following resources:

• https://encyclopedia.kaspersky.com/glossary/port-scanning/
• https://threats.kaspersky.com/en/threat/Scan.Generic.TCP/
• https://threats.kaspersky.com/en/class/Scan/

unquote

Thank you🙏

Flood🐳+🐋

First of all, thank you for fast response, much appreciated!

The time frame for rapport is 24h. I haven't applied anything, Kaspersky blocks it automatically every time, so far at least.

So maybe I'm ok then and should just pay extra attention to if/when it happens again?

 

[Dansken]

It happened again just now.

 

About 80 attacks in 2 minutes :(

 

it says:

Network attack Scan.Generic.PortScan.TCP have been blocked

Tcp from 89.248.165.20 to port xxxxx

 

[Flood and Flood's wife]

It happened again just now. About 80 attacks in 2 minutes :( it says: Network attack Scan.Generic.PortScan.TCP have been blocked, Tcp from 89.248.165.20 to port xxxxx

 

Hello @Dansken, 

Welcome back!

Keep in mind, KIS is protecting you when the portscans from external sources happen.

• KIS is up to version 21.2.16.590a, which KIS version & patch(x) x=letter, is installed → on Windows taskbar, rightclick the Kaspersky icon, select About ? 
• ⭕If the installed software is not 21.2.16.590a you should update before logging a case → Kaspersky Internet Security 21.2
• ➡ Contact Kaspersky Technical Support, fill in the Application malfunction, Other template include:

1.  A detailed history
2. What caused the problem?
3. Did you try to solve the problem? How?
4. Export the Report, save as a text file, add the file to the request?
5. Screen shot & or video if they help define the problem/s?
6. Community topic URL?
7. Support may request data & logs, they will guide you:

Export the Report, save as a text file

• After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
• When feedback from the Kaspersky Technical Team is available, please share it with the Community? 

Thank you🙏

Flood🐳+🐋

[Dansken]

Thank you!

 

I've downloaded the Kaspersky Internet Security trial version now, since I had Kaspersky Free before which did not add up to the latest version you mentioned. Maybe this will work, hold back the attacks. If so I will purchase the Internet Security version when my trial is over.

 

If this do not work I will follow the steps you mentioned about sending in a “report”, I've exported and saved a report containing 30days of activity from my older version before I upgraded it to Internet Security.

And if this longer process will provide a solution to my problem I promise to share my experience here on this topic. 

 

If that doesn't  work I will  re-install windows lol 

 

Thanks again for all your assistance!

 

Best of Regards. 

[Flood and Flood's wife]

Hello @Dansken, 

You’re most welcome☺ !

To reiterate, the “attacks” are being managed, however, if active port scanning from an external source is happening, Kaspersky cannot stop the activity, at the source → think about it like this, if I’m a burglar, I’m going to break into your house, to stop me, you lock up the house, get a guard dog, install alarms, you do all the right things, however, all of those things will not stop me trying to break into your house… 

If you do proceed with a Windows reinstall, make sure you have all your critical data backed up, before any recovery actions. 

⚠ FYI: Kaspersky Free & Trial software versions have no access to Technical Support, check on the KIS, Support🎧 page, there should be a notation in red text, with this advisory⚠ 

Do keep us posted? 

Thank you🙏

Flood🐳+🐋

[maxmathew]

Hi,

 

If you come to the point that you will reinstall windows 10 :) , I will advise you : after installing windows 10 and upgrading windows 10 processes, before installing any program, just install Kaspersky and for 2-3 days long , please do not install anything, and look if any network attack notification will pop up or not.

1-  If no network attack notification occurs (in my opinion most probably this will happen in this way,i mean no notifications will show up) , This means, that was something related with installed programs.

2- If attack notifications pop up again, then the possibility of being attacked becomes higher then.

But in my opinion first option will happen. Then whenever you install a program , just install one by one and wait for 2-3 days, do not install altogether, so that you may understand :if network notifications  appear again, then highest possibility is that that application was the cause of those notifications.. ;) Anyway, i hope your problem will be solved.. Take care..

 

Sincerely..