Has anybody every filed a computer intrusion complaint?

[B Trevathan]

Has anybody every filed a computer intrusion complaint with The Internet Crime Complaint Center (IC3) or The Computer Crime & Intellectual Property Section of United States Department of Justice?

The reason I'm asking is because I've been having my computer ports scanned a lot in the last month and when I looked up the IP addresses most of them are from China! I really don't want to report them but it is getting to be really annoying.

On older systems I use a third party firewall and ever time the ports are scanned the firewall sounds a warning sound and pops up a warning message and flashes the firewall icon in the system tray. This is getting to be so annoying, because they've been scanning so much in the last month. I can turn off the warning sounds and/or messages but I really want to know when the ports are being scanned. I've create rules to block any connection to the IP addresses but the warnings still come up when they try to scan the ports.

On newer systems I've never seen the windows firewall pop up telling me that someone is scanning the ports (I don't think it even pops up any inbound warnings) but I went ahead and made an inbound rule to block the IP addresses that have been scanning my computer the most. I have checked the windows firewall log after I created the inbound rule but I can't find any entries for the blocked IP addresses so I can only assume that they are being blocked.

I know they are not targeting me individually because my IP address is dynamic so they are not targeting the same IP address over and over again. Also they are scanning at all times of day and night and everyday so they probably just have their port scanner running all the time. I think they are just looking for any computer that has a weakness such as a poor firewall or a firewall that is down because of malware, I think of all the times I have seen users firewalls turned off and antimalware programs not working, just think of all the software keys, passwords and credit card numbers they must be getting, no wonder ID thief and software piracy is so bad.

I have contacted my ISP by phone and sent them emails with the IP addresses hoping they could block the port scanners but they just say their network is wide open and they don't apply filters of any kind and recommend that everyone have a good antivirus program. If you've ever done much malware removal you've seen machines with malware on them that are running all the good (popular) antivirus programs.

Here are the some of the IP addresses if anybody wants to create inbound rules to block them:
202.102.234.71
58.218.204.110
222.186.13.212
There's more but these scan several times a day.

[14049752]

I'm curious why you'd have a computer in any position to be scanned. Shouldn't you have a router between your pc and the modem? I mean, I know technically you don't need one, but it's better for security than relying on a software firewall alone.

[hondablaster]

As the other poster said you should invest in a router of some kind. A subnet between you and the net is a must. (as the net gets faster it will get worse) If you got the parts laying around you can make a powerful router that can handle as many ports as your PC can create.

http://m0n0.ch/wall/

2 NICs and a scrap PC and your off to the races. Throw in a switch or AP and you can add tons of PCs because the NAT table is based off how much ram your running I believe.

[vdub12]

iptables -A INPUT -s 202.102.234.71 -j DROP
iptables -A INPUT -s 58.218.204.110 -j DROP
iptables -A INPUT -s 222.186.13.212 -j DROP

[B Trevathan]

Quote:

Originally Posted by 14049752

I'm curious why you'd have a computer in any position to be scanned. Shouldn't you have a router between your pc and the modem? I mean, I know technically you don't need one, but it's better for security than relying on a software firewall alone.

I am in a very small town and most of the people here only have dial up internet access and it is that way in three or four of the five counties that surround me. Some of the people here only get 14 Kbps, yes I said that right only 14 Kbps believe it or not. I'd say about 80% of the computers I work on only have dial up, so no routers. Even most of my customers with DSL or cable don't use routers.

I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system, I am 99% sure they will not get in, but even if they did get in my firewall is not my only security program, I would never rely on just one program alone to stop malware.

[B Trevathan]

Quote:

Originally Posted by vdub12

iptables -A INPUT -s 202.102.234.71 -j DROP
iptables -A INPUT -s 58.218.204.110 -j DROP
iptables -A INPUT -s 222.186.13.212 -j DROP

You've got me on this one, I don't understand. Isn't that Linux commands, how can this help me with people trying to scan the ports on a windows machine?

[Martyn]

This goes on all the time just make sure you're well protected.

[vdub12]

Quote:

Originally Posted by B Trevathan

You've got me on this one, I don't understand. Isn't that Linux commands, how can this help me with people trying to scan the ports on a windows machine?

Most routers are Linux based.

Honestly I have no idea how you can protect Windows without a router. Good luck with that, lol.

[B Trevathan]

Quote:

Originally Posted by Martyn

This goes on all the time just make sure you're well protected.

Yeah, I've had my ports scanned before and I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system, for the last month the firewalls on the older systems have been popping up alerts so much it has become very annoying. The 202.102.234.71 address I think scans about once every hour very annoying. I guess the more computers they get into that means more possible customers for me to secure their computer.

They have been talking on the news about 9/11 and terrorists, and even here on the forum about cyberwarfare so it can get you thinking about people from another country attacking your computer systems and with these address from China scanning so much in the last month, I was wondering if reporting them to IC3 would do any good, I guess they would just get a new IP address and start over.

My ports are protected by a firewall, when I go to a site like ShieldsUP or AuditMyPC and test the firewall all the ports come back as stealth not open or closed but stealth meaning basically to the port scanner that there is no port there.

"Stealth means all ports do not respond to external connection attempts. Packets intended for any port will be dropped, meaning that no indication will be given to the machine sending the packet whether the packet has been delivered or whether the connection attempt has been rejected."

I think the port scanners are just using a series of IP address to scan and I just happen to be assigned one of those IP address at the time that their port scanner is scanning that IP address for a computer and any open ports. They are just scanning for anything connected to IP addresses.

Thanks

[vdub12]

Quote:

Originally Posted by B Trevathan

Yeah, I've had my ports scanned before and I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system, for the last month the firewalls on the older systems have been popping up alerts so much it has become very annoying. The 202.102.234.71 address I think scans about once every hour very annoying. I guess the more computers they get into that means more possible customers for me to secure their computer.

They have been talking on the news about 9/11 and terrorists, and even here on the forum about cyberwarfare so it can get you thinking about people from another country attacking your computer systems and with these address from China scanning so much in the last month, I was wondering if reporting them to IC3 would do any good, I guess they would just get a new IP address and start over.

My ports are protected by a firewall, when I go to a site like ShieldsUP or AuditMyPC and test the firewall all the ports come back as stealth not open or closed but stealth meaning basically to the port scanner that there is no port there.

"Stealth means all ports do not respond to external connection attempts. Packets intended for any port will be dropped, meaning that no indication will be given to the machine sending the packet whether the packet has been delivered or whether the connection attempt has been rejected."

I think the port scanners are just using a series of IP address to scan and I just happen to be assigned one of those IP address at the time that their port scanner is scanning that IP address for a computer and any open ports. They are just scanning for anything connected to IP addresses.

Thanks

Only port 80 comes up for me but I host my website so it would.