1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

High Volume Port Scanning?

Discussion in 'Proxies' started by mlartz, Aug 30, 2013.

  1. mlartz

    mlartz Newbie

    Joined:
    Aug 30, 2013
    Messages:
    2
    Likes Received:
    0
    Can anyone recommend some good hosting providers (VPSes or Dedis) or VPNs that would allow continual, (very) high volume port scanning? I've been playing with most of the cloud IAAS services and get shut down within a day.

    And by high-volume, I mean that I'm looking to scan the entire Internet in an hour, or as fast as I can send/receive packets from/through the given host/VPN.

    Thanks
     
  2. innozemec

    innozemec Jr. VIP Jr. VIP

    Joined:
    Aug 19, 2011
    Messages:
    5,290
    Likes Received:
    1,799
    Location:
    www.Indexification.com
    Home Page:
    Lol, good luck with that bro :)
     
  3. tompots

    tompots Elite Member Premium Member

    Joined:
    Dec 11, 2011
    Messages:
    4,352
    Likes Received:
    3,955
    Gender:
    Male
    Occupation:
    Full Time Bot Developer
    Location:
    Professional Botters
    Home Page:
  4. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,297
    Likes Received:
    8,717
    most isp related scanning gets shut down fast..
    thing is, ive had same uk isp 6 yrs and port scanned
    using them for 6 yrs, no issues
     
  5. innozemec

    innozemec Jr. VIP Jr. VIP

    Joined:
    Aug 19, 2011
    Messages:
    5,290
    Likes Received:
    1,799
    Location:
    www.Indexification.com
    Home Page:
    thats not only due to the isp,but and because you know how to do things.. while the guy wants to scan the whole internet for less than an hour.. just imagine how many threads he probably uses and its tcp/syn connections bring down the network of the whole server / router
     
  6. mlartz

    mlartz Newbie

    Joined:
    Aug 30, 2013
    Messages:
    2
    Likes Received:
    0
    zmap.io ... check it out. And the "whole internet" thing is the goal, but I can throttle down to whatever keeps it under the radar. Plan to use it as the first stage of proxy detection pipeline, i.e. look for open ports and then more thorough scanning to classify the proxies.

    Any suggestions on VPNs or hosting providers, or the "right way" to do bulk scanning without getting shut down?
     
  7. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    806
    Likes Received:
    575
    Location:
    The Beach, USA
    Lol, I'm curious as to what the "right way" to port scan is as well. That being said I'll share a recent experience with you. I developed a decent lil system that I setup. I can target specific countries or isp's and scan at around 25-30k attempts per minute comfortably. I can crank it up plenty faster and get 100k tries per minute but I noticed it will skip and miss valids as well so whats the point. I've never had any problems until just recently. From home residential isp's I've never had a problem, however I did just have a hosting provider I'm using for a few servers say something to me about it. They didn't shut me down or anything, but they did put my server into a "hacked" state. I had to message them and I just basically gave some very vague information that "I believe I identified and corrected the problem". I've had a few servers scanning though almost 24/7 for the last couple months and it was just now that they noticed so it's hard to say who's going to shut you down or let you go. A week ago I'd of said yeah join up here I been scannin for months w/o any probs. lol. Your software can have a major impact as well, I use the SYN method which allows for a bit more speed, but doesn't seem to rape my network nearly as bad. I really think it's gonig to be a roll of the dice unless you want to just ask them up front if they allow it. I'm sure most off-shore providers would let it slide though, but I don't know if you'd be compromising speed or quality by going that route.
     
  8. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,297
    Likes Received:
    8,717
    i keep it under the radar 4k threads per second
    never had an issue with my isp with that setting in 5/6 yrs
    but i no alot of isps if they catch you doing it will boot u
    of there internet
    best asdvice - do it at your own risk

    ps your not going to scan this in a day

    0.0.0.0 - 255.255.255.255 - not in a day not with all the different ports working in there
    cash i have around 50 blocks i scan if i scan them with syn i get nothing - zip squat.
    if i use tcp - i get about 5k anon level 1/2 with around 2k being google passed. tcp is better

    only problem ive found with TCP scanning , is you need a pc
    with xp+sp1 to do it with no restrictions, if you use xp+sp2, sp2 is patched
    to close all tcp scanning, yes there is a file out there to open 30% of the tcp
    but it isnt worth it.

    so thats how i scan - xp+sp1 only on this machine so u get the max
    open tcp allowed
     
    Last edited: Aug 31, 2013
  9. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    806
    Likes Received:
    575
    Location:
    The Beach, USA
    I'm not sure what you use to scan, but I tried proxyfire once and couldn't get anything with theirs either on the SYN method. I have a couple of different things I use depending on what I'm scanning, but my main HTTP scanner is a SYN only. I have specific ranges I scan, but I was recently scanning entire ranges where I'd just start at say 89.0.0.0 and scan it all the way through to 89.255.255.255 on the ports I wanted. I don't think I'm going to be scanning anymore as I was mostly doing it for fun anyway so I might post a few really hard hitting ranges. I actually have 1 set of ranges I can scan and pull anywhere from 3-5k all anon's that change everyday. The rest of what I scan is much more spotty and can vary but typically I can grab another 1500-2k from some other random ranges I've picked up on. Also as I'm sure you've noticed yourself different ports will bring different results, sometimes undesired ones, i.e. about 90% of any 9999 port proxies seemed to be from China. I've noticed something else kind of odd lately that seems to me to just be an attempt at inflating the list, especially on public listed proxies where people are posting the same ip with ports 3128, 7808, and 8909.
     
    Last edited: Aug 31, 2013
  10. hoper

    hoper Newbie

    Joined:
    Jul 1, 2012
    Messages:
    21
    Likes Received:
    1
    Just simply says .... thanks !!
     
  11. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    Just out of curiosity and besides looking for proxies why are you port scanning on such a grand scale besides looking for vulnerabilities?
     
  12. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    806
    Likes Received:
    575
    Location:
    The Beach, USA
    I just do it mainly cuz I'm an old school nerd that used to do it years ago for other purposes before I got into IM. Since they come in handy though at various times for various thing I've worked on I've always tried to have a few on deck or at least run a scan every month or two to freshen up w/e ones I did have. Lately though I was scanning mainly just to help out some friends if they needed them. I can't really use them for what I do personally so I buy my subscriptions, but I have a few friends I've just been kicking them to as they needed them lately.
     
    • Thanks Thanks x 1
  13. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,297
    Likes Received:
    8,717
    all CN proxies are junk and worthless all the 7808, and 8909.
    basically anything listed as CN bin it.......all those proxies
    you see with a 5 port ending bin it...

    stick to anything except china and use 8080 - 3128 - 443 -

    as a retired proxfire admin the only way to get the best out
    of proxyfire tcp scanning is xp+sp1 only if u try on anything else
    tcp scan will fail, im scanning right now and ill show u it works fine
    sorry i cut my ranges out i use them everyday to make google passed
    proxie lists for my subs

    [​IMG]

    ALL FROM SCANNING

    [​IMG]
     
    Last edited: Aug 31, 2013
  14. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    806
    Likes Received:
    575
    Location:
    The Beach, USA
    Yeah I understand cutting out the ranges lol. I don't use proxyfire for anything, but those seem like some nice lookin numbers for it. And yeah all that stuff you listed there is total junk usually. I got a whole text file full of CN proxies I have no use for. The 7808 and 8909's are funny kinda, they're all just 3128 proxies with another port open that they scan valid on. I would just change all the 7808 and 8909's to port 3128 and dupekill it if I were scraping public lists, save yourself some false hope when you realize your list of 500 is now 350 because you had the same ip 3 times in row on multiple occasions just with those 2 ports next to it each time.
     
  15. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,297
    Likes Received:
    8,717
    for me cn shows google passed but they scrape NOTHING zip squat.
    the pc i run for port scanning is 6 yrs old
    xp+sp1+ proxyfire tcp scanning works like a dream

    trick is - knowing where to scan, not random scanning
    thats a time waster , building exact ranges to scan is the art
    that way u only scan what yields results
     
  16. JFoulds

    JFoulds Power Member

    Joined:
    Apr 22, 2011
    Messages:
    538
    Likes Received:
    480
    Occupation:
    Genius billionaire playboy philanthropist
    Or alternatively, don't use Windows at all...
     
  17. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,297
    Likes Received:
    8,717
    most vpns wont allow it - certain isps dont care but its few
     
  18. JFoulds

    JFoulds Power Member

    Joined:
    Apr 22, 2011
    Messages:
    538
    Likes Received:
    480
    Occupation:
    Genius billionaire playboy philanthropist
    !Windows != VPN...
     
    Last edited: Aug 31, 2013
  19. dedoek

    dedoek Newbie

    Joined:
    Sep 27, 2013
    Messages:
    3
    Likes Received:
    0
    I am currently searching for the same. NEed to find a hosting company / ISP that does not ban me from internet for port scanning. For doing some research I want to use masscan and my last provider banned me ;-(.

    Would be very interested to hear any links to hosters that allow portscans...
     
  20. dedoek

    dedoek Newbie

    Joined:
    Sep 27, 2013
    Messages:
    3
    Likes Received:
    0
    Any names of ISP's?