Recommended Response To Port Scans?

I have BIS 2013 on my PC, to protect my ADSL2+ connection, and I seem to be getting frequent port scans. At least, I'm getting frequent reports from BD that a port scan has been detected and blocked.


Am I adequately protected, or is there something more I need to do? I understand I can create a rule denying the IP address the scan originates from, but there are so many of them, from different addresses! I'd be creating two or three new rules every day. Is BIS' action against these adequate?


I'm also prompted to ask: what actually generates port scans? I know what they are, but the PC they originate from — they can't all be active hackers, surely? I assume it's automated in some way, because I'll often get multiple scans from the same IP address at regular time intervals for several hours. Is it generated by a virus? More to the point, how do they find *my* IP? Does it mean I have some trojan I haven't detected that's putting out some kind of request for connection? Or do scanners typically sweep a whole range of IP addresses, trying to find a connection? I've tried to ask my ISP, but they were really useless.


Thanks for any help.

Comments