exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
clubs:  
 ·Cox HSI
·Suddenlink
 ·Cingular Wireless
 ·AT&T Southeast
·Charter Pipeline
| reply to c4delta
Re: IPs From China
I was fed up with Asian port scans and ended up blocking IPs from 222.0.0.0 - 222.255.255.255 (I think is the majority of allocated Asian IPs)...
I dunno if it is the OPTIMAL thing to do, but it works.
--
Jesus Rocks!
Future New Orleans Baptist student 
Missionary work in Brasil is awesome!!! |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
| reply to c4delta
Scans on the ephemeral ports beginning with 1025 are almost as common as scans of port 445. Unless you are really getting hammered (hundreds of scans per minute), it is just normal internet background noise and nothing to worry about since your firewall is blocking it.
My network typically receives hundreds of such scans daily, and thousands of port 445 scans. Many thanks to Bill Gates et al for exposing DCOM and SMB protocols to the world by default and making them such tempting targets for the evil dooers.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
c4delta
join:2001-02-08
Redmond, WA | reply to max2k1
HITS REMOTE LOCAL
13 61.172.244.159.34034 MYBOX.1026
14 61.172.244.159.32769 MYBOX.1026
24 61.172.244.159.32830 MYBOX.1026 |
|
max2k1
Hibernating In Texas
join:2001-06-01
Austin, TX | reply to c4delta
Post a sample of source IPs and the destination & source port numbers ... maybe that'll get some matches ! |
|
c4delta
join:2001-02-08
Redmond, WA | I have been recieving a large number of attacks from China in the last few days--I see IP addresses from China in my firewall logs.
Is anybody else seeing something similar? |
|
