Go Back   Technibble Forums > General Computers > Tech-to-Tech Computer Help

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 08-25-2010, 10:19 PM
B Trevathan B Trevathan is offline
 
Join Date: Nov 2009
Location: Tennessee, USA
Posts: 515
B Trevathan is on a distinguished road
Default Has anybody every filed a computer intrusion complaint?

Has anybody every filed a computer intrusion complaint with The Internet Crime Complaint Center (IC3) or The Computer Crime & Intellectual Property Section of United States Department of Justice?

The reason I'm asking is because I've been having my computer ports scanned a lot in the last month and when I looked up the IP addresses most of them are from China! I really don't want to report them but it is getting to be really annoying.

On older systems I use a third party firewall and ever time the ports are scanned the firewall sounds a warning sound and pops up a warning message and flashes the firewall icon in the system tray. This is getting to be so annoying, because they've been scanning so much in the last month. I can turn off the warning sounds and/or messages but I really want to know when the ports are being scanned. I've create rules to block any connection to the IP addresses but the warnings still come up when they try to scan the ports.

On newer systems I've never seen the windows firewall pop up telling me that someone is scanning the ports (I don't think it even pops up any inbound warnings) but I went ahead and made an inbound rule to block the IP addresses that have been scanning my computer the most. I have checked the windows firewall log after I created the inbound rule but I can't find any entries for the blocked IP addresses so I can only assume that they are being blocked.

I know they are not targeting me individually because my IP address is dynamic so they are not targeting the same IP address over and over again. Also they are scanning at all times of day and night and everyday so they probably just have their port scanner running all the time. I think they are just looking for any computer that has a weakness such as a poor firewall or a firewall that is down because of malware, I think of all the times I have seen users firewalls turned off and antimalware programs not working, just think of all the software keys, passwords and credit card numbers they must be getting, no wonder ID thief and software piracy is so bad.

I have contacted my ISP by phone and sent them emails with the IP addresses hoping they could block the port scanners but they just say their network is wide open and they don't apply filters of any kind and recommend that everyone have a good antivirus program. If you've ever done much malware removal you've seen machines with malware on them that are running all the good (popular) antivirus programs.

Here are the some of the IP addresses if anybody wants to create inbound rules to block them:
202.102.234.71
58.218.204.110
222.186.13.212
There's more but these scan several times a day.
Reply With Quote
  #2  
Old 08-25-2010, 11:22 PM
14049752 14049752 is offline
 
Join Date: Mar 2008
Posts: 3,314
14049752 has a spectacular aura about14049752 has a spectacular aura about
Default

I'm curious why you'd have a computer in any position to be scanned. Shouldn't you have a router between your pc and the modem? I mean, I know technically you don't need one, but it's better for security than relying on a software firewall alone.
Reply With Quote
  #3  
Old 08-25-2010, 11:54 PM
hondablaster's Avatar
hondablaster hondablaster is offline
 
Join Date: May 2009
Location: San Diego, CA
Posts: 853
hondablaster is on a distinguished road
Send a message via AIM to hondablaster
Default

As the other poster said you should invest in a router of some kind. A subnet between you and the net is a must. (as the net gets faster it will get worse) If you got the parts laying around you can make a powerful router that can handle as many ports as your PC can create.

http://m0n0.ch/wall/

2 NICs and a scrap PC and your off to the races. Throw in a switch or AP and you can add tons of PCs because the NAT table is based off how much ram your running I believe.
__________________
CompTIA A+, N+ Certified, Microsoft Desktop Support Technician. http://www.sd-techblog.com

Last edited by hondablaster; 08-25-2010 at 11:59 PM.
Reply With Quote
  #4  
Old 08-26-2010, 12:40 AM
vdub12's Avatar
vdub12 vdub12 is offline
 
Join Date: Mar 2010
Posts: 2,509
vdub12 is on a distinguished road
Default

iptables -A INPUT -s 202.102.234.71 -j DROP
iptables -A INPUT -s 58.218.204.110 -j DROP
iptables -A INPUT -s 222.186.13.212 -j DROP
__________________
CyberCPU Computer Repair
Reply With Quote
  #5  
Old 08-26-2010, 04:27 AM
B Trevathan B Trevathan is offline
 
Join Date: Nov 2009
Location: Tennessee, USA
Posts: 515
B Trevathan is on a distinguished road
Default

Quote:
Originally Posted by 14049752 View Post
I'm curious why you'd have a computer in any position to be scanned. Shouldn't you have a router between your pc and the modem? I mean, I know technically you don't need one, but it's better for security than relying on a software firewall alone.
I am in a very small town and most of the people here only have dial up internet access and it is that way in three or four of the five counties that surround me. Some of the people here only get 14 Kbps, yes I said that right only 14 Kbps believe it or not. I'd say about 80% of the computers I work on only have dial up, so no routers. Even most of my customers with DSL or cable don't use routers.

I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system, I am 99% sure they will not get in, but even if they did get in my firewall is not my only security program, I would never rely on just one program alone to stop malware.
Reply With Quote
  #6  
Old 08-26-2010, 04:45 AM
B Trevathan B Trevathan is offline
 
Join Date: Nov 2009
Location: Tennessee, USA
Posts: 515
B Trevathan is on a distinguished road
Default

Quote:
Originally Posted by vdub12 View Post
iptables -A INPUT -s 202.102.234.71 -j DROP
iptables -A INPUT -s 58.218.204.110 -j DROP
iptables -A INPUT -s 222.186.13.212 -j DROP
You've got me on this one, I don't understand. Isn't that Linux commands, how can this help me with people trying to scan the ports on a windows machine?
Reply With Quote
  #7  
Old 08-26-2010, 05:59 AM
Martyn's Avatar
Martyn Martyn is online now
Administrator
 
Join Date: Apr 2010
Location: Bedfordshire UK
Posts: 5,637
Martyn has a spectacular aura aboutMartyn has a spectacular aura about
Default

This goes on all the time just make sure you're well protected.
Reply With Quote
  #8  
Old 08-26-2010, 06:32 AM
vdub12's Avatar
vdub12 vdub12 is offline
 
Join Date: Mar 2010
Posts: 2,509
vdub12 is on a distinguished road
Default

Quote:
Originally Posted by B Trevathan View Post
You've got me on this one, I don't understand. Isn't that Linux commands, how can this help me with people trying to scan the ports on a windows machine?
Most routers are Linux based.

Honestly I have no idea how you can protect Windows without a router. Good luck with that, lol.
__________________
CyberCPU Computer Repair
Reply With Quote
  #9  
Old 08-26-2010, 06:48 AM
B Trevathan B Trevathan is offline
 
Join Date: Nov 2009
Location: Tennessee, USA
Posts: 515
B Trevathan is on a distinguished road
Default

Quote:
Originally Posted by Martyn View Post
This goes on all the time just make sure you're well protected.
Yeah, I've had my ports scanned before and I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system, for the last month the firewalls on the older systems have been popping up alerts so much it has become very annoying. The 202.102.234.71 address I think scans about once every hour very annoying. I guess the more computers they get into that means more possible customers for me to secure their computer.

They have been talking on the news about 9/11 and terrorists, and even here on the forum about cyberwarfare so it can get you thinking about people from another country attacking your computer systems and with these address from China scanning so much in the last month, I was wondering if reporting them to IC3 would do any good, I guess they would just get a new IP address and start over.

My ports are protected by a firewall, when I go to a site like ShieldsUP or AuditMyPC and test the firewall all the ports come back as stealth not open or closed but stealth meaning basically to the port scanner that there is no port there.

"Stealth means all ports do not respond to external connection attempts. Packets intended for any port will be dropped, meaning that no indication will be given to the machine sending the packet whether the packet has been delivered or whether the connection attempt has been rejected."

I think the port scanners are just using a series of IP address to scan and I just happen to be assigned one of those IP address at the time that their port scanner is scanning that IP address for a computer and any open ports. They are just scanning for anything connected to IP addresses.

Thanks
Reply With Quote
  #10  
Old 08-26-2010, 06:55 AM
vdub12's Avatar
vdub12 vdub12 is offline
 
Join Date: Mar 2010
Posts: 2,509
vdub12 is on a distinguished road
Default

Quote:
Originally Posted by B Trevathan View Post
Yeah, I've had my ports scanned before and I'm not really worried about anyone getting into any of my systems, I am just annoyed with the constant attempts from them trying to get into my system, for the last month the firewalls on the older systems have been popping up alerts so much it has become very annoying. The 202.102.234.71 address I think scans about once every hour very annoying. I guess the more computers they get into that means more possible customers for me to secure their computer.

They have been talking on the news about 9/11 and terrorists, and even here on the forum about cyberwarfare so it can get you thinking about people from another country attacking your computer systems and with these address from China scanning so much in the last month, I was wondering if reporting them to IC3 would do any good, I guess they would just get a new IP address and start over.

My ports are protected by a firewall, when I go to a site like ShieldsUP or AuditMyPC and test the firewall all the ports come back as stealth not open or closed but stealth meaning basically to the port scanner that there is no port there.

"Stealth means all ports do not respond to external connection attempts. Packets intended for any port will be dropped, meaning that no indication will be given to the machine sending the packet whether the packet has been delivered or whether the connection attempt has been rejected."

I think the port scanners are just using a series of IP address to scan and I just happen to be assigned one of those IP address at the time that their port scanner is scanning that IP address for a computer and any open ports. They are just scanning for anything connected to IP addresses.

Thanks
Only port 80 comes up for me but I host my website so it would.
__________________
CyberCPU Computer Repair
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:01 PM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.