Posts Tagged ‘IPS’
Ni Hao Chairman Meow!
I guess from all my posts on the Google debacle and cyberwar I may have gained some attention that I don’t really want. It seems that some folks in China have become rather interested in my little IP address.
So nmap’s huh? I mean, well you aren’t really being all stealth are ya chairman? I just love seeing the “peoples republic government systems” in the logs…
Meanwhile, someone attempted a UDP DoS on my system too. The IPS seems to have handled that one just alright.
It’s always fun watching the logs…
Sensing A Pattern
| Source | ||
| 93.114.122.72 | SC- DIAL TELECOM Romania | Slammer |
| 91.135.19.162 | DTG Wireless Latvia | DdoS |
| 89.106.8.194 | Grid Hosting Turkey | DOS/SYN |
| 72.1.0.0 | Northern Telephone OSHKOSH | BAD IP |
| 69.10.42.58 | Interserver Inc NJ | DOS/SYN |
| 61.175.209.11 | China Telecom | DOS/SYN |
| 61.147.112.197 | Chinanet | DOS/SYN |
| 61.139.175.30 | UNICOM JL China | DOS/SYN |
| 60.190.49.244 | NINGHAI-XINYANG-LTD China | Slammer |
| 60.173.10.154 | Chinanet AH China | DOS/SYN |
| 60.12.6.238 | CNC Group CHINA169 Zhejiang Province Network | TCP Nmap Scan |
| 59.45.19.52 | MAINT-CHINANET-LN | DOS/SYN |
| 58.57.17.194 | MAINT-CHINANET-SD | Slammer |
| 58.221.42.163 | CHINANET jiangsu province network China | DOS/SYN |
| 222.45.112.219 | Kunde Htech Ltd Co China | DOS/SYN |
| 222.240.205.117 | CHINANET-HN Changsha node network | DOS/SYN |
| 222.179.5.106 | CHINANET Chongqing province network | Slammer |
| 222.175.213.210 | CHINANET SHANDONG PROVINCE NETWORK | DOS/SYN |
| 222.133.182.194 | China Unicom Shandong province network | DOS/SYN |
| 222.128.51.11 | China Unicom Beijing province network | DOS/SYN |
| 221.238.10.195 | TIANJIN-CHANGCHENGZHIBAO-LTD | DOS/SYN |
| 221.195.73.68 | China Unicom Hebei Province Network Korea | DOS/SYN |
| 221.161.82.238 | KORNET-10321992250 | DOS/SYN |
| 220.191.241.2 | ZHEJIANG-PEOPLE-GOV | TCP Nmap Scan |
| 219.149.53.239 | LY-GUANGDIAN-ISP China | Slammer |
| 218.75.95.244 | JINHUA-TELECOM-LTD | Slammer |
| 218.61.126.21 | China Unicom Liaoning province network | DOS/SYN |
| 218.23.37.51 | CHINANET Anhui province network | Slammer |
| 218.204.137.156 | China Mobile Communications Corporation – jiangxi | Slammer |
| 217.76.32.53 | Ratel Company Russia | DOS/SYN |
| 212.252.124.15 | SuperOnline Inc. Turkey | Slammer |
| 211.157.108.232 | CHINACOMM | DOS/SYN |
| 211.141.78.197 | CMNET-jilin | DOS/SYN |
| 211.100.229.252 | BEIJING ZHENG-BO TECHNOLOGY CO.LTD | Slammer |
| 202.120.127.149 | Shanghai University | DOS/SYN |
| 174.143.78.90 | Rackspace.com | App Anomaly RPC |
| 125.68.57.86 | CHINANET Sichuan province network | DOS/SYN |
| 125.65.112.168 | SC-MY-SJDF-LTD China | DOS/SYN |
| 125.119.209.199 | CHINANET-ZJ-HZ | DOS/SYN |
| 124.160.43.18 | CNC Group CHINA169 Zhejiang Province Network | TCP Nmap Scan |
| 123.30.75.107 | CUCBUUDIENTW-NET | DOS/SYN |
| 122.225.36.85 | JIAXING-TELECOM-LTD | DOS/SYN |
| 121.28.90.36 | SJZ-FriendshipHotelNorthStateStreetstore China | DOS/SYN |
| 121.123.158.33 | Maxis Communications Bhd Malaysia | DOS/SYN |
| 121.11.80.42 | shantoushitianyingxinxijishuyou China | DOS/SYN |
| 118.1.0.0 | NTT Communications Corporation Japan | BAD IP |
| 116.228.179.19 | CHINANET Shanghai province network | DOS/SYN |
Since my little incident with j35t3r I have been paying more attention again to the IDS. In the last few days alone the system has seen some interesting traffic including another DDoS attempt from Latvia. I am seeing a pattern though for the most part. Our Chinese overlords have a lot of traffic coming my way from worms.
Also interesting to note is the Nmap traffic, guess some folks got interested in my system to see what ports I have open. They went away unhappy though. Kinda makes you wonder what your traffic is like huh? It also might make you wonder just how much your system is protected.. If it is at all.
If you are interested, you can take a scan for yourself with Shields Up. It’s a system in place to run a Nessus scan against your IP address and see whats what. It does a good job and will tell you what ports are open and perhaps what vulns you might have.
Just remember, if you have a persistent connection and your machine is on.. Well, they are knocking at the door.
CoB
Krypt3ia 