dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
706
share rss forum feed


tlg
Premium
join:2001-08-23
Melbourne, FL

Port Scans from China

About once a week I get port scanned from 58.218.199.250. If I trace this back it goes to a Chinese ISP. Any possibility of getting this IP black holed at BHN's router?
--
twitter.com/tgaume



BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:138

TLG unfortunately probably not for a number of reasons. What you can do is submit your request to abuse@rr.com and they will investigate.



tlg
Premium
join:2001-08-23
Melbourne, FL

Thanks, I'll do that with a copy of my logs showing the repeated intrusion attempts. I'm betting I'm not the only one that shows that IP scanning their gateway. They probably scan the full CIDR block looking for vulnerabilities.
--
twitter.com/tgaume



BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:138
reply to tlg

It happens to me constantly....hence the reason for a good firewall...I've often toyed with the idea of isolating that specific traffic out and giving them something really juicy to chew on call it a care package from hell if you will....let your eeeevil mind kick in for just a couple of seconds I'm sure you will get the idea. Hey they come looking for something...give them something..of course they might not wanna play with it but whos fault is it for poking around on someone elses network.
--
~All truth goes through three phases. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as self-evident. - Arthur Schopenhauer ~


tim tim tim

join:2010-08-14
Lutz, FL
kudos:2
reply to tlg

how are you able to see when they are trying to scan your ports?



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by tim tim tim:

how are you able to see when they are trying to scan your ports?

Router/firewall logs.

Example router log.

This log shows a requested port scan from "GRC Shields UP!", but unsolicited probes are also logged. I would show something more recent, but the Pace 4111N provided by my ISP does not log remote connection attempts.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


BeesTea
Internet Janitor
Premium,VIP
join:2003-03-08
00000
reply to tlg

Are they probes for TCP/1080 ? The same IP has shown up for months scanning for for it. Presumably looking for open SOCKS proxies.
--
Overpower, overcome.