
Constant port scans

Discussion in 'Tech Support' started by boiled_elephant, 6 Aug 2008.

  1. boiled_elephant

    boiled_elephant Merom Celeron 4 lyfe

    Every single night, with intervals ranging from 10 mins to 5 hours, I get unsuccessful port scans from 125.65.165.139 and 222.208.183.218. There seems to be no particular pattern to the scans, and every week or so it's a different address or 2, but it keeps happening. Are these likely to be part of a continuous specific attack, or just random prying?
     
  2. MixWizard

    MixWizard What's a Dremel?

    Strangely, those 2 IPs in particular are Chinese telecoms. Are you on a Hamachi network, and is it a port scan or is it an ICMP request?
     
  3. boiled_elephant

    boiled_elephant Merom Celeron 4 lyfe

    Not that I know of, to either question. I remember querying them a while back and being baffled by the (physical) addresses they yielded. It's really frequent now, and therefore quite disruptive. Also, I have no idea what an ICMP request is, despite having tried to read the wiki ^^
    I dunno. If they were malicious, they wouldn't be so doggedly repetitive and easily stopped, would they?

    They certainly wouldn't be traceable to a Chinese telecom. Wtf.
     
  4. MixWizard

    MixWizard What's a Dremel?

    A simple trace of the IPs shows them as originating from a Chinese address. My understanding of an ICMP request is just a basic ping that sees if you are there; I constantly get them from an IP of someone on one of my Hamachi networks. What firewall software are you using to detect these? And are they showing as port scans?
     
  5. Smegwarrior

    Smegwarrior Fighting the war on smeg

    Ping them back each time they ping you, they may give up if they realise you are on to them. ;)

    Would there be any way to automate that?
     
  6. boiled_elephant

    boiled_elephant Merom Celeron 4 lyfe

    Not with my existing made-for-AOL-grannies security package, Bullguard. It's solid, but not very multi-functional. I suppose I could ping the addresses in command prompt, right? I really don't understand why someone's probing my IP address though. Unless it's some automated business thing stuck on a loop on some company machine.
     
  7. Glider

    Glider /dev/null

    If you have a decent firewall and password policy, don't worry...
     
  8. MixWizard

    MixWizard What's a Dremel?

    Have you tried turning your router on and off to force your IP to change? Unless of course you have a static IP.
     
  9. Ransoman

    Ransoman What's a Dremel?

    Command prompt:

    Ping 0.0.0.0 -T

    Press CTRL + C when you want it to stop.
     
  10. Smegwarrior

    Smegwarrior Fighting the war on smeg

    Will this constantly ping everything or will this only ping the other computer when it pings yours?

    A PC version of:
    "Dave?"
    "Dave's not here man"
    "Dave?"
    "Dave's not here man"
    "No, I'm Dave"
    "Dave's not here man"
    ......
    ......
    :D
     
  11. Ransoman

    Ransoman What's a Dremel?

    That will constantly ping the address of your choice (replace 0.0.0.0 with the IP address of the scanner/pinger/hacker of course), until you press ctrl + c. Could be handy if you are trying to "scare off" the other scanner/pinger.
     
  12. Glider

    Glider /dev/null

    Scare off? Oh no! You pinged him! You terrorist!

    I'd be scared if I get connection requests and authorisation failures...
     
  13. boiled_elephant

    boiled_elephant Merom Celeron 4 lyfe

    Yes, I gave myself a crash tuition course in CMD prompt (entirely via the in-console query screens) and used the -T function. Hasn't been a problem since, touchwood. Not to be confused with torchwood.
     
  14. C-Sniper

    C-Sniper Stop Trolling this space Ądmins!

    When I had an FTP server, 95% of my attacks came through "Asianetcom". Until I got a decent hosts.deny list up I was averaging about 500 attacks a day. All for port 22 and 21.

    If the web server isn't for anything to do with China or have Chinese people accessing it then I would recommend just blocking the entire IP range.
     
  15. barry99705

    barry99705 sudo rm -Rf /

    Give me a ping, Vasili. One ping only, please.


    On a side note, I get a few hundred failed SSH attempts every day.
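
The following is an added example, not code from any poster in this thread. It covers the hosts.deny list and the daily failed SSH attempts mentioned in the last two posts: it counts failed logins per source in constructed sample log lines and builds hosts.deny entries for single hosts and /24 ranges, leaving out any source that has also logged in successfully. The thresholds, function names and sample addresses (documentation ranges) are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog shape; the addresses
# are documentation ranges, not the ones quoted in the thread.
SAMPLE_LOG = """\
Aug  6 02:14:07 box sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Aug  6 02:14:09 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Aug  6 02:14:12 box sshd[2104]: Failed password for invalid user test from 203.0.113.77 port 40112 ssh2
Aug  6 02:15:30 box sshd[2110]: Failed password for root from 203.0.113.77 port 40120 ssh2
Aug  6 03:01:40 box sshd[2150]: Failed password for alice from 198.51.100.7 port 38822 ssh2
Aug  6 03:01:44 box sshd[2150]: Failed password for alice from 198.51.100.7 port 38822 ssh2
Aug  6 03:01:52 box sshd[2150]: Accepted password for alice from 198.51.100.7 port 38822 ssh2
Aug  6 04:20:00 box sshd[2200]: Failed password for root from 192.0.2.9 port 60001 ssh2
Aug  6 04:20:03 box sshd[2200]: Failed password for root from 192.0.2.9 port 60001 ssh2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IPV4)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from " + IPV4)

def summarize(log_text):
    """Return (failed-login count per source IP, set of IPs that logged in)."""
    failures, good = Counter(), set()
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            failures[m.group(1)] += 1
        elif m := ACCEPTED.search(line):
            good.add(m.group(1))
    return failures, good

def prefix24(ip):
    """First three octets with a trailing dot: hosts.deny's net-prefix pattern."""
    return ip.rsplit(".", 1)[0] + "."

def deny_entries(log_text, host_threshold=2, net_threshold=4):
    """Build hosts.deny lines, skipping any source or range with a real login."""
    failures, good = summarize(log_text)
    good_nets = {prefix24(ip) for ip in good}
    per_net = Counter()
    for ip, n in failures.items():
        per_net[prefix24(ip)] += n
    nets = sorted(p for p, n in per_net.items()
                  if n >= net_threshold and p not in good_nets)
    hosts = sorted(ip for ip, n in failures.items()
                   if n >= host_threshold and ip not in good and prefix24(ip) not in nets)
    return [f"sshd: {e}" for e in nets + hosts]

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG)))
```

OpenSSH dropped TCP wrappers support in release 6.7, so on systems whose sshd is built without libwrap the same addresses would go into a firewall rule rather than hosts.deny.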
     