dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
843
share rss forum feed


tlg
Premium
join:2001-08-23
Melbourne, FL

Port Scans from China

About once a week I get port scanned from 58.218.199.250. If I trace this back it goes to a Chinese ISP. Any possibility of getting this IP black holed at BHN's router?
--
twitter.com/tgaume


BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:151
TLG unfortunately probably not for a number of reasons. What you can do is submit your request to abuse@rr.com and they will investigate.


tlg
Premium
join:2001-08-23
Melbourne, FL
Thanks, I'll do that with a copy of my logs showing the repeated intrusion attempts. I'm betting I'm not the only one that shows that IP scanning their gateway. They probably scan the full CIDR block looking for vulnerabilities.
--
twitter.com/tgaume


BHNtechXpert
BHN Staff
Premium,VIP
join:2006-02-16
Saint Petersburg, FL
kudos:151
reply to tlg
It happens to me constantly....hence the reason for a good firewall...I've often toyed with the idea of isolating that specific traffic out and giving them something really juicy to chew on call it a care package from hell if you will....let your eeeevil mind kick in for just a couple of seconds I'm sure you will get the idea. Hey they come looking for something...give them something..of course they might not wanna play with it but whos fault is it for poking around on someone elses network.
--
~All truth goes through three phases. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as self-evident. - Arthur Schopenhauer ~


tim tim tim

join:2010-08-14
Lutz, FL
kudos:2
reply to tlg
how are you able to see when they are trying to scan your ports?


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
said by tim tim tim:

how are you able to see when they are trying to scan your ports?

Router/firewall logs.

Example router log.

This log shows a requested port scan from "GRC Shields UP!", but unsolicited probes are also logged. I would show something more recent, but the Pace 4111N provided by my ISP does not log remote connection attempts.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


BeesTea
Internet Janitor
Premium,VIP
join:2003-03-08
00000
reply to tlg
Are they probes for TCP/1080 ? The same IP has shown up for months scanning for for it. Presumably looking for open SOCKS proxies.
--
Overpower, overcome.