Cyberduck Mountain Duck CLI

#7165 closed defect (thirdparty)

Port Scan

Reported by: moghilemear Owned by:
Priority: normal Milestone:
Component: core Version: 4.2.1
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description (last modified by dkocher)

First I apologize in advance, since I am not a networking expert. This issue has been reported by my webhost. It *appears* from the logs that every time I attempt to download (via drag & drop) from the host to my laptop using Cyberduck, that a port scan is performed. I researched Port Scan, and found that it is either a standard technique or indicative of an "attack". Either way, the webhost is disallowing this currently and blocking the IP.

I have don more research and another webhost has commented that many PC's are infected with port scanning software, and that the practice of blocking IP's is "overkill" and may not be warranted for a commercial server.

Having said that, is Cyberduck Port Scanning in "open new connection" or "use browser connection" modes, or at all? If so, is this standard practice or is it considered now "bad practice"? (If so then this may be a "bug".) If Cyberduck is not performing a "port scan" then some other software is detecting a download action (it appears from the logs, and I will look into this myself).

Either way, the host has currently define "port scan" as "bad" and auto-blocks the IP, which essentially prevents Cyberduck from functioning. So this is either a "overzealous webhost", "clever 3rd party malware which I cannot detect", or a "bug.

Actual Log of Event:

lfd.log:Apr 15 18:24:39 jdz3 lfd[25954]: *Port Scan* detected from 70.184.167.204 (US/United States/wsip-70-184-167-204.hr.hr.cox.net). 11 hits in the last 227 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]

Change History (1)

comment:1 Changed on Apr 16, 2013 at 4:17:04 PM by dkocher

  • Description modified (diff)
  • Resolution set to thirdparty
  • Status changed from new to closed

No port scanning is done on opening a connection or browsing a remote server.

Note: See TracTickets for help on using tickets.
swiss made software