(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Sensing A Pattern


Source
SC- DIAL TELECOM Romania | Slammer
DTG Wireless Latvia | DdoS
Grid Hosting Turkey | DOS/SYN
Northern Telephone OSHKOSH | BAD IP
Interserver Inc NJ | DOS/SYN
China Telecom | DOS/SYN
Chinanet | DOS/SYN
UNICOM JL China | DOS/SYN
NINGHAI-XINYANG-LTD China | Slammer
Chinanet AH China | DOS/SYN
CNC Group CHINA169 Zhejiang Province Network | TCP Nmap Scan
MAINT-CHINANET-LN | DOS/SYN
MAINT-CHINANET-SD | Slammer
CHINANET jiangsu province network China | DOS/SYN
Kunde Htech Ltd Co China | DOS/SYN
CHINANET-HN Changsha node network | DOS/SYN
CHINANET Chongqing province network | Slammer
CHINANET SHANDONG PROVINCE NETWORK | DOS/SYN
China Unicom Shandong province network | DOS/SYN
China Unicom Beijing province network | DOS/SYN
TIANJIN-CHANGCHENGZHIBAO-LTD | DOS/SYN
China Unicom Hebei Province Network Korea | DOS/SYN
KORNET-10321992250 | DOS/SYN
ZHEJIANG-PEOPLE-GOV | TCP Nmap Scan
LY-GUANGDIAN-ISP China | Slammer
JINHUA-TELECOM-LTD | Slammer
China Unicom Liaoning province network | DOS/SYN
CHINANET Anhui province network | Slammer
China Mobile Communications Corporation – jiangxi | Slammer
Ratel Company Russia | DOS/SYN
SuperOnline Inc. Turkey | Slammer
CHINACOMM | DOS/SYN
CMNET-jilin | DOS/SYN
BEIJING ZHENG-BO TECHNOLOGY CO.LTD | Slammer
Shanghai University | DOS/SYN App Anomaly RPC
CHINANET Sichuan province network | DOS/SYN
SC-MY-SJDF-LTD China | DOS/SYN
CHINANET-ZJ-HZ | DOS/SYN
CNC Group CHINA169 Zhejiang Province Network | TCP Nmap Scan
CUCBUUDIENTW-NET | DOS/SYN
JIAXING-TELECOM-LTD | DOS/SYN
SJZ-FriendshipHotelNorthStateStreetstore China | DOS/SYN
Maxis Communications Bhd Malaysia | DOS/SYN
shantoushitianyingxinxijishuyou China | DOS/SYN
NTT Communications Corporation Japan | BAD IP
CHINANET Shanghai province network | DOS/SYN

Since my little incident with j35t3r I have been paying more attention again to the IDS. In the last few days alone the system has seen some interesting traffic including another DDoS attempt from Latvia. I am seeing a pattern though for the most part. Our Chinese overlords have a lot of traffic coming my way from worms.

Also interesting to note is the Nmap traffic; I guess some folks got interested in my system to see what ports I have open. They went away unhappy though. Kinda makes you wonder what your traffic is like, huh? It also might make you wonder just how much your system is protected... if it is at all.

If you are interested, you can take a scan for yourself with Shields Up. It’s a system in place to run a Nessus scan against your IP address and see what's what. It does a good job and will tell you what ports are open and perhaps what vulns you might have.

Just remember, if you have a persistent connection and your machine is on.. Well, they are knocking at the door.


Written by Krypt3ia

2010/01/24 at 01:23

One Response


  1. I have McAfee and every now and then I check the inbound traffic log and I found this HTECH tried to access different ports. I banned the address after tracing it back to China. I have also found China Unicom in that log too.


    2010/05/16 at 22:23
