republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » IPs From China
Uniqs:
408		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
HJT Log »
« Silencing the Critics: IBIS  
c4delta

join:2001-02-08
Redmond, WA

IPs From China

I have been recieving a large number of attacks from China in the last few days--I see IP addresses from China in my firewall logs.

Is anybody else seeing something similar?
permalink · 2005-04-18 13:17:51 · Reply to this
max2k1
Hibernating In Texas

join:2001-06-01
Austin, TX

Re: IPs From China

Post a sample of source IPs and the destination & source port numbers ... maybe that'll get some matches !
permalink · 2005-04-18 13:49:21 · Reply to this
c4delta

join:2001-02-08
Redmond, WA

Re: IPs From China

HITS REMOTE LOCAL
13 61.172.244.159.34034 MYBOX.1026
14 61.172.244.159.32769 MYBOX.1026
24 61.172.244.159.32830 MYBOX.1026
permalink · 2005-04-18 14:31:26 · Reply to this

NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage

 Scans on the ephemeral ports beginning with 1025 are almost as common as scans of port 445. Unless you are really getting hammered (hundreds of scans per minute), it is just normal internet background noise and nothing to worry about since your firewall is blocking it.

My network typically receives hundreds of such scans daily, and thousands of port 445 scans. Many thanks to Bill Gates et al for exposing DCOM and SMB protocols to the world by default and making them such tempting targets for the evil dooers.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
permalink · 2005-04-18 15:07:52 · Print · Reply to this

exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
clubs:
·Cox HSI
·Suddenlink
·Cingular Wireless
·AT&T Southeast
·Charter Pipeline

 I was fed up with Asian port scans and ended up blocking IPs from 222.0.0.0 - 222.255.255.255 (I think is the majority of allocated Asian IPs)...

I dunno if it is the OPTIMAL thing to do, but it works.
--
Jesus Rocks!
Future New Orleans Baptist student
Missionary work in Brasil is awesome!!!
permalink · 2005-04-18 16:08:03 · Reply to this
Forums » Up and Running » Security » SecurityHJT Log »
« Silencing the Critics: IBIS  

Saturday, 28-Nov 21:19:23 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [69] Weekend Open Thread
· [62] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Why would I want an e reader? [General Questions]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· [Newsgroups] Newzleech down? [Filesharing Software]
· Why does it take so long? Mail question [General Questions]
· ToC 4th boss - Preliminary Strategy for Twin Valkyr [World of Warcraft]
· Linksys N routers: open to Cisco's snooping? [Security]
· Using DIR-615 C1/3.01 with Trendnet TEW-652BRP in N Mode [D-Link]