Anyone else get hit with this earlier????

Intrusion: NMap Null Scan
Intruder: www.renderosity.com(66.18.106.204).
Risk Level: Medium

My norton picked it up and stopped it, tried to hit me when I came into the poser forum. If anyone knows what it is I would appreciate the info.

And yes....norton listed it as a worm.

did it try to load with one of the banners?

O.o

I hane't seen that one, and my current AV (eTrust) didn't catch anything...

But ever since I was hit by the polip.a I get nervous twitches when I hear the word "worm"

It's not a worm.
http://www.symantec.com/avcenter/attack_sigs/o93.html 

Nmap is a network utility (standard on most *nix boxes) that can be used to identify open ports on a machine, and is often used by hackers to identify vulnerable ports.
It can also be used for the less sinister purpose of identifying the operating system of a connecting computer, although Windows operating systems don't respond to the scan in the standard manner. Probably not the wisest choice in this age of excessive paranoia.

Why is renderosity scanning our ports?!!!

I don't know what it tried to load with and don't care. If I don't get a good explanation for this from rendo they can kiss me and my money goodbye. They have NO business trying to scan ANYTHING on my system.

IDK why they would be scanning ports, I keep all unused ports closed on my systems.
The scan is probably benign. I mean, everyone is trusting them with their credit card info, or trusting that their paypal link isn't harvesting their password, so I wouldn't worry about it.
Every deal I've done with Rendo has ended well, and I've found them more than helpful with any problem, so I pretty much trust them.

You can worry about it, I guess, but I'm not. Anyway, it's been my experience that Norton usually causes more problems and confusion than it ever cures.

FWIW

Quote - I wouldn't worry about it.

I'm not worried about it.  I have no sensitive, classified information on my computer.  I'd just like to know what reason they have for attempting to scan our ports.

I sit behind a router and software firewall most of the time and I've done those port scans to look for open ports and my computer always shows as "stealth". 

If I'm behind a router and firewall, does the scan even reach my individual pc ?  I ain't been alerted by my antivirus software, and my machines have Norton, McAfee and AVG respectively  ( ! )

I'm also behind a router and firewall and norton picked it up which surprised me.

Network Address Translation (NAT) will allow the scan to pass through open ports. The fact that the firewall blocked the scan means that it did it's job, and you were in no danger.

A few years back, while bringing up a fresh NT 4 Server install, the server was compromised through a well known NT vulnerability before I could locate the Service Pack CD and install it. Less than two minutes. :-)    Had to format and start all over again.
This kind of stuff just happens, and will keep happening. About all anyone can do is to protect yourself as well as you can. There are freeware programs like SpyWareBlaster that harden your system quite well. Spybot S&D and SpyWareBlaster makes a pretty good one/two punch.

As far as why, I could only guess. They honestly might not be aware of it. Could be something that is integrated in Bondware.

I was fourtunate  and picked up nothing. However, given the state of this site and it's server issues nothing would suprise me.

the client's browser sends an http request to the server, to port 80 or 8080 or something. the server isn't supposed to do anything similar, is it? I just get the feeling that the loading and functioning of any requests for certain ports on the client's machine was (or is) associated with one of their commercial banners, which may access some code from a remote server. AFAIK they have disabled the inclusion of any scripts in any of the forum messages or subject lines, which was a big problem that some hacker tried to exploit in a previous bondware version IIRC.

Hmmm. I'll alert the programming team to this thread. I've never seen anything like this and I tend to run with a fairly paranoid setup.

Has anyone else apart from Marque experienced this anywhere on site? (Nil returns not required)
Marque - I don't suppose you can remember what ad banner was on screen?

Norton Internet Security actually blocked the same thing coming from RDNA at 12:38 am PDT on my system.

Jeff

To be honest I rarely look at the banners.

What banners? Oh, those.

Seems strange that there are still net users who don't have full stealth. Steakthing your system is a good way to stop these stupid backdoor attacks.

This computer (not my regular) got "hit" with this 4 times. Norton Antivirus 2006.

3rd July 12:04:36 BST

TCP Destination Port: 2433.

TCP Header Flags: 0x00000e3d. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

3rd July 15:01:00 BST

TCP Destination Port: 2618.

TCP Header Flags: 0x00000eff. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

3rd July 16:16:00 BST

TCP Destination Port: 1712.

TCP Header Flags: 0x00000fff. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

3rd July 16:54:49 BST

TCP Destination Port: 1855.

TCP Header Flags: 0x00000cf9. These TCP Flags are invalid and the packet is characteristic of an NMap Xmas Scan.

(BST = British Summer Time = GMT +1)

Happy Independence Day to US members!

I’m off for a cup of tea (downfall of the British Empire! ;-)).

It has happened to me also 3 or 4 times yesterday. All in the Poser forum.

Norton security suite also.

Attached Link: http://market.renderosity.com/mod/forumpro/showthread.php?thread_id=2655153

There is an answer posted there.

If anyone else gets this, please check what banner is on screen and if possible right-click and copy the link it's giving. The programmers have advised that there shouldn't be any port-scanning going on.

I haven't had any alerts from here (yet).  I did get one from another Poser site, but it wasn't a real worm, just adware from a banner.  I run Nod32 and it stopped it cold even though it wasn't anything too serious.

got one 15 minutes ago... took some time to find this thread... I was browsing the galleries...