Topic 'Port Scans from China' in forum 'Bright House Networks' - dslreports.com

Re: Port Scans from China

Mon, 11 Feb 2013 17:16:27 EDT

BeesTea posted : Are they probes for TCP/1080 ? The same IP has shown up for months scanning for for it. Presumably looking for open SOCKS proxies.
--
Overpower, overcome.

Re: Port Scans from China

Mon, 11 Feb 2013 15:48:11 EDT

NormanS posted :

said by tim tim tim:

how are you able to see when they are trying to scan your ports?

Router/firewall logs.
[ATT=1]
This log shows a requested port scan from "GRC Shields UP!", but unsolicited probes are also logged. I would show something more recent, but the Pace 4111N provided by my ISP does not log remote connection attempts.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Example router log.

Re: Port Scans from China

Mon, 11 Feb 2013 10:53:06 EDT

tim tim tim posted : how are you able to see when they are trying to scan your ports?

Re: Port Scans from China

Mon, 11 Feb 2013 00:15:27 EDT

BHNtechXpert posted : It happens to me constantly....hence the reason for a good firewall...I've often toyed with the idea of isolating that specific traffic out and giving them something really juicy to chew on call it a care package from hell if you will....let your eeeevil mind kick in for just a couple of seconds :) I'm sure you will get the idea. Hey they come looking for something...give them something..of course they might not wanna play with it but whos fault is it for poking around on someone elses network.
--
~All truth goes through three phases. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as self-evident. - Arthur Schopenhauer ~

Re: Port Scans from China

Mon, 11 Feb 2013 00:09:09 EDT

tlg posted : Thanks, I'll do that with a copy of my logs showing the repeated intrusion attempts. I'm betting I'm not the only one that shows that IP scanning their gateway. They probably scan the full CIDR block looking for vulnerabilities.
--
twitter.com/tgaume

Re: Port Scans from China

Mon, 11 Feb 2013 00:06:51 EDT

BHNtechXpert posted : TLG unfortunately probably not for a number of reasons. What you can do is submit your request to abuse@rr.com and they will investigate.

Port Scans from China

Sun, 10 Feb 2013 22:58:07 EDT

tlg posted : About once a week I get port scanned from 58.218.199.250. If I trace this back it goes to a Chinese ISP. Any possibility of getting this IP black holed at BHN's router?
--
twitter.com/tgaume