Has anybody ever filed a computer intrusion complaint?


B Trevathan
08-25-2010, 11:19 PM
Has anybody ever filed a computer intrusion complaint with The Internet Crime Complaint Center (IC3) (http://www.ic3.gov/default.aspx) or The Computer Crime & Intellectual Property Section of United States Department of Justice (http://www.justice.gov/criminal/cybercrime/reporting.htm)?

The reason I'm asking is because I've been having my computer ports scanned a lot in the last month and when I looked up the IP addresses most of them are from China! I really don't want to report them but it is getting to be really annoying.

On older systems I use a third party firewall and every time the ports are scanned the firewall sounds a warning sound and pops up a warning message and flashes the firewall icon in the system tray. This is getting to be so annoying, because they've been scanning so much in the last month. I can turn off the warning sounds and/or messages but I really want to know when the ports are being scanned. I've created rules to block any connection to the IP addresses but the warnings still come up when they try to scan the ports.

On newer systems I've never seen the Windows firewall pop up telling me that someone is scanning the ports (I don't think it even pops up any inbound warnings) but I went ahead and made an inbound rule to block the IP addresses that have been scanning my computer the most. I have checked the Windows firewall log after I created the inbound rule but I can't find any entries for the blocked IP addresses so I can only assume that they are being blocked.

I know they are not targeting me individually because my IP address is dynamic so they are not targeting the same IP address over and over again. Also they are scanning at all times of day and night and every day so they probably just have their port scanner running all the time. I think they are just looking for any computer that has a weakness such as a poor firewall or a firewall that is down because of malware. I think of all the times I have seen users' firewalls turned off and antimalware programs not working. Just think of all the software keys, passwords and credit card numbers they must be getting, no wonder ID theft and software piracy is so bad.

I have contacted my ISP by phone and sent them emails with the IP addresses hoping they could block the port scanners but they just say their network is wide open and they don't apply filters of any kind and recommend that everyone have a good antivirus program. If you've ever done much malware removal you've seen machines with malware on them that are running all the good (popular) antivirus programs.

Here are some of the IP addresses if anybody wants to create inbound rules to block them:
202.102.234.71
58.218.204.110
222.186.13.212
There's more but these scan several times a day.
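
The log check described in the post above, as an added example that is not part of the original thread: Windows Firewall records dropped packets in pfirewall.log only when logging of dropped packets is enabled for the active profile, so an empty log does not by itself show whether a block rule matched. The log lines below are constructed (documentation-range addresses) and the four-port threshold is an assumption.

```python
from collections import defaultdict

FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path")

# Constructed sample in the pfirewall.log layout; not taken from the thread.
SAMPLE_LOG = "\n".join([
    "#Version: 1.5",
    "#Software: Microsoft Windows Firewall",
    "#Fields: " + FIELDS,
    "",
    "2010-08-25 22:01:10 DROP TCP 203.0.113.7 192.0.2.10 6000 135 40 S 1001 0 8192 - - - RECEIVE",
    "2010-08-25 22:01:10 DROP TCP 203.0.113.7 192.0.2.10 6000 139 40 S 1001 0 8192 - - - RECEIVE",
    "2010-08-25 22:01:11 DROP TCP 203.0.113.7 192.0.2.10 6000 445 40 S 1001 0 8192 - - - RECEIVE",
    "2010-08-25 22:01:11 DROP TCP 203.0.113.7 192.0.2.10 6000 1433 40 S 1001 0 8192 - - - RECEIVE",
    "2010-08-25 22:01:12 DROP TCP 203.0.113.7 192.0.2.10 6000 3389 40 S 1001 0 8192 - - - RECEIVE",
    "2010-08-25 22:05:40 DROP TCP 198.51.100.20 192.0.2.10 51515 445 48 S 2001 0 65535 - - - RECEIVE",
    "2010-08-25 22:05:43 DROP TCP 198.51.100.20 192.0.2.10 51515 445 48 S 2001 0 65535 - - - RECEIVE",
    "2010-08-25 22:06:02 ALLOW TCP 192.0.2.10 198.51.100.80 49200 80 0 - 0 0 0 - - - SEND",
    "2010-08-25 22:07:15 DROP ICMP 203.0.113.7 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE",
])


def parse_firewall_log(text):
    """Return one dict per record, naming columns from the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                records.append(dict(zip(fields, values)))
    return records


def find_scanners(records, min_ports=4):
    """Map each source IP to the distinct local ports it was dropped on,
    keeping only sources that probed at least min_ports different ports."""
    ports = defaultdict(set)
    for r in records:
        inbound_drop = r["action"] == "DROP" and r["path"] == "RECEIVE"
        if inbound_drop and r["dst-port"].isdigit():  # ICMP rows carry "-"
            ports[r["src-ip"]].add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for ip, probed in find_scanners(parse_firewall_log(SAMPLE_LOG)).items():
        print(ip, "probed ports", probed)
```

A source that retries a single port, like the second address in the sample, stays below the threshold and is not reported.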

14049752
08-26-2010, 12:22 AM
I'm curious why you'd have a computer in any position to be scanned. Shouldn't you have a router between your pc and the modem? I mean, I know technically you don't need one, but it's better for security than relying on a software firewall alone.

hondablaster
08-26-2010, 12:54 AM
As the other poster said you should invest in a router of some kind. A subnet between you and the net is a must. (as the net gets faster it will get worse) If you got the parts laying around you can make a powerful router that can handle as many ports as your PC can create.

http://m0n0.ch/wall/

2 NICs and a scrap PC and you're off to the races. Throw in a switch or AP and you can add tons of PCs because the NAT table is based off how much RAM you're running I believe.

vdub12
08-26-2010, 01:40 AM
iptables -A INPUT -s 202.102.234.71 -j DROP
iptables -A INPUT -s 58.218.204.110 -j DROP
iptables -A INPUT -s 222.186.13.212 -j DROP

B Trevathan
08-26-2010, 05:27 AM
> I'm curious why you'd have a computer in any position to be scanned. Shouldn't you have a router between your pc and the modem? I mean, I know technically you don't need one, but it's better for security than relying on a software firewall alone.

I am in a very small town and most of the people here only have dial up internet access and it is that way in three or four of the five counties that surround me. Some of the people here only get 14 Kbps, yes I said that right only 14 Kbps believe it or not. I'd say about 80% of the computers I work on only have dial up, so no routers. Even most of my customers with DSL or cable don't use routers.

I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system, I am 99% sure they will not get in, but even if they did get in my firewall is not my only security program, I would never rely on just one program alone to stop malware.

B Trevathan
08-26-2010, 05:45 AM
> iptables -A INPUT -s 202.102.234.71 -j DROP
> iptables -A INPUT -s 58.218.204.110 -j DROP
> iptables -A INPUT -s 222.186.13.212 -j DROP

You've got me on this one, I don't understand. Aren't those Linux commands? How can this help me with people trying to scan the ports on a Windows machine?

Martyn
08-26-2010, 06:59 AM
This goes on all the time just make sure you're well protected.

vdub12
08-26-2010, 07:32 AM
> You've got me on this one, I don't understand. Aren't those Linux commands? How can this help me with people trying to scan the ports on a Windows machine?

Most routers are Linux based.

Honestly I have no idea how you can protect Windows without a router. Good luck with that, lol. :D

B Trevathan
08-26-2010, 07:48 AM
> This goes on all the time just make sure you're well protected.

Yeah, I've had my ports scanned before and I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system. For the last month the firewalls on the older systems have been popping up alerts so much it has become very annoying. The 202.102.234.71 address I think scans about once every hour, very annoying. I guess the more computers they get into that means more possible customers for me to secure their computer.

They have been talking on the news about 9/11 and terrorists, and even here on the forum about cyberwarfare (http://www.technibble.com/forums/showthread.php?t=19313) so it can get you thinking about people from another country attacking your computer systems and with these addresses from China scanning so much in the last month, I was wondering if reporting them to IC3 (http://www.ic3.gov/default.aspx) would do any good, I guess they would just get a new IP address and start over.

My ports are protected by a firewall. When I go to a site like ShieldsUP (https://www.grc.com/x/ne.dll?bh0bkyd2) or AuditMyPC (http://www.auditmypc.com/firewall-test.asp) and test the firewall, all the ports come back as stealth, not open or closed but stealth, meaning basically to the port scanner that there is no port there.

"Stealth means all ports do not respond to external connection attempts. Packets intended for any port will be dropped, meaning that no indication will be given to the machine sending the packet whether the packet has been delivered or whether the connection attempt has been rejected."

I think the port scanners are just using a series of IP addresses to scan and I just happen to be assigned one of those IP addresses at the time that their port scanner is scanning that IP address for a computer and any open ports. They are just scanning for anything connected to IP addresses.

Thanks

vdub12
08-26-2010, 07:55 AM
> Yeah, I've had my ports scanned before and I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system. For the last month the firewalls on the older systems have been popping up alerts so much it has become very annoying. The 202.102.234.71 address I think scans about once every hour, very annoying. I guess the more computers they get into that means more possible customers for me to secure their computer.
>
> They have been talking on the news about 9/11 and terrorists, and even here on the forum about cyberwarfare (http://www.technibble.com/forums/showthread.php?t=19313) so it can get you thinking about people from another country attacking your computer systems and with these addresses from China scanning so much in the last month, I was wondering if reporting them to IC3 (http://www.ic3.gov/default.aspx) would do any good, I guess they would just get a new IP address and start over.
>
> My ports are protected by a firewall. When I go to a site like ShieldsUP (https://www.grc.com/x/ne.dll?bh0bkyd2) or AuditMyPC (http://www.auditmypc.com/firewall-test.asp) and test the firewall, all the ports come back as stealth, not open or closed but stealth, meaning basically to the port scanner that there is no port there.
>
> "Stealth means all ports do not respond to external connection attempts. Packets intended for any port will be dropped, meaning that no indication will be given to the machine sending the packet whether the packet has been delivered or whether the connection attempt has been rejected."
>
> I think the port scanners are just using a series of IP addresses to scan and I just happen to be assigned one of those IP addresses at the time that their port scanner is scanning that IP address for a computer and any open ports. They are just scanning for anything connected to IP addresses.
>
> Thanks

Only port 80 comes up for me but I host my website so it would.

B Trevathan
08-26-2010, 08:18 AM
> Honestly I have no idea how you can protect Windows without a router. Good luck with that, lol. :D

Go figure, I seem to be doing pretty well at it. :confused: Most of my first time customers bring their computers to me because of a malware infection but when they bring them in again it's mostly for something like a bad PSU or memory upgrade or modem replacement. They often tell me how much better and faster their computer is since I removed the malware but I guess most of it is because I always take the time to tell them don't do this and do that, you know like don't click on the link in the email and do keep the AV updated.

Martyn
08-26-2010, 08:54 AM
Sometimes these scans can be innocent. Years ago when I was studying for an exam and ports in particular I used a port scanner just to see what ports were open. :p If you want to check out your security then go to Steve Gibson's site at www.grc.com and then to ShieldsUP. That will check your vulnerabilities. In my last company when I was setting up internal web servers I always used to run that port check to cover myself. You know, I was in there doing 'something on the server' and they got hacked or a virus soon after, therefore it must be me by default. :p

Also you can get a lot of info on the ip address at http://whois.domaintools.com

MobileTechie
08-26-2010, 11:14 AM
What? You're being scanned from China?! Good god - call the Pentagon immediately!

Everyone gets scanned by China. There are search bots, dodgy bots, port scanners, all sorts.

If you think reporting a Chinese IP address will have any effect at all you are tripping.

Put a decent firewall in, check it with ShieldsUp and forget about it.

tkrabec
08-26-2010, 11:30 AM
Google for the CIDR lists, they contain the mapping of IPs to countries. Add the ones you do not service or want business from and you're done.
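
The CIDR-list approach from the last post, as an added example that is not part of the original thread: it merges adjacent ranges before turning them into block rules, in both the iptables form posted earlier and the Windows `netsh advfirewall` form. The list contents are constructed from documentation ranges, and the rule name prefix `geo-block` and the per-rule chunk size are assumptions.

```python
import ipaddress

# Constructed stand-in for a downloaded per-country CIDR list.
COUNTRY_CIDRS = """\
# hypothetical zone file, one network per line
198.51.100.0/25
198.51.100.128/25
203.0.113.0/26
203.0.113.64/26
203.0.113.200/32
"""


def load_networks(text):
    """Parse one CIDR per line, ignoring blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def collapse(nets):
    """Merge adjacent and overlapping ranges so fewer rules are needed."""
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(ip, nets):
    """True if the address falls inside any listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def iptables_rules(nets):
    """One DROP rule per network, in the form used earlier in the thread."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in nets]


def netsh_rules(nets, per_rule=2, prefix="geo-block"):
    """Windows Firewall inbound block rules; remoteip takes a comma list."""
    rules = []
    for i in range(0, len(nets), per_rule):
        remote = ",".join(str(n) for n in nets[i:i + per_rule])
        rules.append(f'netsh advfirewall firewall add rule name="{prefix}-{i // per_rule + 1}" '
                     f"dir=in action=block remoteip={remote}")
    return rules


NETWORKS = collapse(load_networks(COUNTRY_CIDRS))

if __name__ == "__main__":
    print("\n".join(iptables_rules(NETWORKS) + netsh_rules(NETWORKS)))
```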