Am I Paranoid Or Should I Be Concerned


Recommended Posts

If this is in the wrong forum please move to the correct one.

For months China has been scanning me from various ISP's.

Today I want to take a stand if possible.

ISP 60.11.125.36 has been scanning UDP ports 1026,1031,4297 and 1030 all day:

5:49 am

6:36

7:32

8:32

9:31

10:29

12:22pm

1:23

4:11

6:09

7:06

Do I have to put up with this harassment or is there something I can do to stop them?

Below you will see the results of a Sam Spade search on the ISP.

whoisWhois:

@whois. MagicNetworkSolutions.comCRSNIC.netARIN.netRIPE.netAPNIC.netLACNIC.netEDUcause.n

etPIR.orgnic.MILAUnic.net

Server Used: [ whois.apnic.net ]

60.11.125.36 = [ ]

inetnum: 60.11.0.0 - 60.11.255.255

netname: CNCGROUP-HL

descr: CNCGROUP Heilongjiang Province Network

descr: China Network Communications Group Corporation

descr: No.156 Fu-Xing-Men-Nei Street

descr: Beijing 100031

country: CN

admin-c: CH444-AP

tech-c: BG63-AP

status: ALLOCATED PORTABLE

mnt-by: APNIC-HM

mnt-lower: MAINT-CNCGROUP-HL

mnt-routes: MAINT-CNCGROUP-RR

changed: [email protected] 20041231

changed: [email protected] 20050218

source: APNIC

route: 60.11.0.0/16

descr: CNC Group CHINA169 Heilongjiang Province Network

country: CN

origin: AS4837

mnt-by: MAINT-CNCGROUP-RR

changed: [email protected] 20060118

source: APNIC

person: CNCGroup Hostmaster

nic-hdl: CH444-AP

e-mail: [email protected]

address: No.156 Fu-Xing-Men-Nei Street

address: Beijing 100031 P.R.China

phone: 86-10-82993155

fax-no: 86-10-82993144

country: CN

changed: [email protected] 20041220

mnt-by: MAINT-CNCGROUP

source: APNIC

person: Binghui Gao

nic-hdl: BG63-AP

e-mail: [email protected]

address: Communication Corporation Internet Enterprise Division of HLJ

phone: 86-451-2804465

fax-no: 86-451-2804442

country: CN

changed: [email protected] 20030221

mnt-by: MAINT-CNCGROUP-HL

source: APNIC

Link to post
Share on other sites
I remember the CNC Group from china was a big source of spam a few years ago.

No doubt. ~115 million customers, ~10 million with broadband, lots of business customers, bound to be spammers and h4x0rs.

Edited by jcl
Link to post
Share on other sites

I agree with jcl, handplane, there are indeed bad people out there.

Just keep your XP box fully patched with all of the latest windows security updates, keep your anti-virus updated and scan your unit for malware and virii on a regular basis.

Do you have a firewall on your computer, handplane?

Link to post
Share on other sites
After Ad-Aware's Update on 2/8/06 a scan found 3 baddies.

Ran smitRem.exe and Panda ActiveScan and was clean.

Was wondering if the problem i got was from the Chinese.

I find that Ewido does a better scan for me I have not really trust adaware in some time now.

Link to post
Share on other sites
I agree with jcl, handplane, there are indeed bad people out there.

Just keep your XP box fully patched with all of the latest windows security updates, keep your anti-virus updated and scan your unit for malware and virii on a regular basis.

Do you have a firewall on your computer, handplane?

Yes, I try to run a tight ship.

Run Sygate and it's up to date.

Also have and they are all up to date also:

a²

SpyBot

Spywareblaster

AVG

Link to post
Share on other sites

I also discovered in the past week, Using Netscape`s newest build 8.1. That it has a fantastic Spyware scanner built into it's new Security Center.

You need to have the browser up and running to run the spyware scan. But after an incident this last week. I have started using it on a full time bases along with all my other scans. It found some things all the others missed.

Just something you might consider trying.

Link to post
Share on other sites

By saying you know who & where I assume you're looking at a Firewall log. The firewall is stopping the attempts so you don't need to worry about it. Especially since you've scanned your system and cleaned it (presumably).

That computer in China may be infected, or it may be a spammer, or it may be some moron trying to get in. Whatever the reason, your firewall's stopping it. In my experience it will stop soon (probably when the kid's parent finds out what they've been up to, or when they realize they've never received a response from your system due to your firewall blocking them -- they'll just change the addresses they're probing and it'll be someone else's problem).

Link to post
Share on other sites

Abuse address(es) for 60.11.125.36

Generated by www.DNSstuff.com

Location: China [City: Heilongjiang, Heilongjiang]

Looking up 60.11.125.36 at whois.abuse.net.

Above are the results from www.abuse.net, and are the E-mail address(es) that abuse complaints should be sent to.

Link to post
Share on other sites
Abuse address(es) for 60.11.125.36

Generated by www.DNSstuff.com

Location: China [City: Heilongjiang, Heilongjiang]

Looking up 60.11.125.36 at whois.abuse.net.

Above are the results from www.abuse.net, and are the E-mail address(es) that abuse complaints should be sent to.

That's listed above in his post. Complaining to a ISP in China with only get a behind the scene smirk from those owning it.

Link to post
Share on other sites
By saying you know who & where I assume you're looking at a Firewall log. The firewall is stopping the attempts so you don't need to worry about it. Especially since you've scanned your system and cleaned it (presumably).

That computer in China may be infected, or it may be a spammer, or it may be some moron trying to get in. Whatever the reason, your firewall's stopping it. In my experience it will stop soon (probably when the kid's parent finds out what they've been up to, or when they realize they've never received a response from your system due to your firewall blocking them -- they'll just change the addresses they're probing and it'll be someone else's problem).

That's my thoughts too. Every once in a while some idiot starts pinging me repeatedly. It's annoying, but Sygate is blocking them so it's nothing more than an annoyance.

Link to post
Share on other sites

I agree with jcl, handplane, there are indeed bad people out there.

Just keep your XP box fully patched with all of the latest windows security updates, keep your anti-virus updated and scan your unit for malware and virii on a regular basis.

Do you have a firewall on your computer, handplane?

Yes, I try to run a tight ship.

Run Sygate and it's up to date.

Also have and they are all up to date also:

a²

SpyBot

Spywareblaster

AVG

It sounds to me like you're in good shape. Software firewalls are very good. You may also wish to consider a hardware firewall solution, a NAT router can also help to protect you from hackers. I run an inexpensive router on my home LAN, it is one more thing between you and the Internet.

No solution is perfect, but, it sounds like you're taking good precautions to keep out the script kiddies and hackers.

Link to post
Share on other sites

Yah...it's a constant barrage from them these days handplane, but your firewall is doing it's job and you have nothing to worry about.

I find they come in groups, I get barraged for a week or so and then nothing for awhile, then boom....here they go again. There are tons of hackers in China that are searching for any computer they can take over, and use to circumvent the archaic Internet laws the governments impose on them.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...