Every single night, with intervals ranging from 10 mins to 5 hours, I get unsuccessful port scans from 125.65.165.139 and 222.208.183.218. There seems to be no particular pattern to the scans, and every week or so it's a different address or 2, but it keeps happening. Are these likely to be part of a continuous specific attack, or just random prying?
Strangely, those 2 IPs in particular are Chinese telecoms. Are you on a Hamachi network, and is it a port scan or is it an ICMP request?
Not that I know of, to either question. I remember querying them a while back and being baffled by the (physical) addresses they yielded. It's really frequent now, and therefore quite disruptive. Also, I have no idea what an ICMP request is, despite having tried to read the wiki ^^ I dunno. If they were malicious, they wouldn't be so doggedly repetitive and easily stopped, would they? They certainly wouldn't be traceable to a Chinese telecom. Wtf.
A simple trace of the IPs shows them as originating from a Chinese address. My understanding of an ICMP request is just a basic ping that sees if you are there; I constantly get them from an IP of someone on one of my Hamachi networks. What firewall software are you using to detect these? And are they showing as port scans?
Ping them back each time they ping you, they may give up if they realise you are on to them. Would there be any way to automate that?
Not with my existing made-for-AOL-grannies security package, Bullguard. It's solid, but not very multi-functional. I suppose I could ping the addresses in command prompt, right? I really don't understand why someone's probing my IP address though. Unless it's some automated business thing stuck on a loop on some company machine.
Have you tried turning your router on and off to force your IP to change? Unless of course you have a static IP.
Will this constantly ping everything or will this only ping the other computer when it pings yours? A PC version of: "Dave?" "Dave's not here man" "Dave?" "Dave's not here man" "No, I'm Dave" "Dave's not here man" ...... ......
That will constantly ping the address of your choice (replace 0.0.0.0 with the IP address of the scanner/pinger/hacker of course), until you press Ctrl + C. Could be handy if you are trying to "scare off" the other scanner/pinger.
Scare off? Oh no! You pinged him! You terrorist! I'd be scared if I get connection requests and authorisation failures...
Yes, I gave myself a crash tuition course in CMD prompt (entirely via the in-console query screens) and used the -T function. Hasn't been a problem since, touchwood. Not to be confused with torchwood.
When I had an FTP server, 95% of my attacks came through "Asianetcom". Until I got a decent hosts.deny list up, I was averaging about 500 attacks a day. All for port 22 and 21. If the web server isn't for anything to do with China or doesn't have Chinese people accessing it, then I would recommend just blocking the entire IP range.
Give me a ping, Vasili. One ping only, please. On a side note, I get a few hundred failed SSH attempts every day.
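Added example, not part of any post in this thread: one way to turn the daily failed SSH attempts mentioned above into candidate hosts.deny entries, blocking a whole /24 only when several distinct hosts in it fail. The log lines are constructed, the function names and thresholds are hypothetical, and it assumes IPv4 sources and an SSH daemon built with TCP wrappers support so that hosts.deny is consulted.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the usual OpenSSH syslog format (documentation IP ranges only).
SAMPLE_LOG = """\
Mar  3 02:11:07 host sshd[811]: Failed password for root from 198.51.100.14 port 40122 ssh2
Mar  3 02:11:15 host sshd[815]: Failed password for invalid user admin from 198.51.100.77 port 51810 ssh2
Mar  3 02:12:40 host sshd[820]: Invalid user test from 198.51.100.203 port 33790
Mar  3 02:13:02 host sshd[822]: Failed password for invalid user oracle from 203.0.113.5 port 60011 ssh2
Mar  3 02:13:04 host sshd[822]: Failed password for invalid user oracle from 203.0.113.5 port 60011 ssh2
Mar  3 02:13:06 host sshd[822]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.5 port 60011 ssh2
Mar  3 09:30:51 host sshd[901]: Accepted publickey for alice from 192.0.2.10 port 50222 ssh2
Mar  3 09:41:13 host sshd[903]: Failed password for alice from 192.0.2.10 port 50230 ssh2
"""

# The user name is chosen by the remote side and may itself contain " from <ip> port <n>",
# so anchor on the end of the line and take the last "from", which sshd wrote.
FAILURE = re.compile(r"sshd\[\d+\]: (?:Failed password for|Invalid user) .* from (\S+) port \d+(?: ssh2)?$")

def failures_by_source(log_text, allow=()):
    """Count failed SSH logins per IPv4 source, skipping allow-listed networks."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line.rstrip())
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is not None and ip.version == 4 and not any(ip in net for net in allowed):
            counts[ip] += 1
    return counts

def deny_rules(counts, host_threshold=3, net_hosts=3):
    """Return hosts.deny lines: a /24 when several hosts in it fail, else single noisy IPs."""
    nets = defaultdict(set)
    for ip in counts:
        nets[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    rules = []
    for net, hosts in sorted(nets.items()):
        if len(hosts) >= net_hosts:
            rules.append(f"sshd: {net.network_address}/{net.netmask}")
        else:
            rules += [f"sshd: {ip}" for ip in sorted(hosts) if counts[ip] >= host_threshold]
    return rules

if __name__ == "__main__":
    print("\n".join(deny_rules(failures_by_source(SAMPLE_LOG, allow=["192.0.2.0/24"]))))
```

Put your own addresses in `allow` before applying any generated rule, since a range block also shuts out every legitimate user in that /24.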