This is a discussion on More Port 1026 probes from China within the Linux Security forums, part of the System Security and Security Related category; Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 ...
Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026

whoapnic 222.88.173.5
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 222.88.0.0 - 222.89.255.255
netname: CHINATELECOM-HA
descr: CHINANET henan province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: HZ149-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINATELECOM-HA
mnt-routes: MAINT-CHINATELECOM-HA
changed: hm-changed@apnic.net 20040113
status: ALLOCATED PORTABLE
source: APNIC

person: Chinanet Hostmaster
address: No.31 ,jingrong street,beijing
address: 100032
country: CN
phone: +86-10-66027112
fax-no: +86-10-58501144
e-mail: hostmaster@ns.chinanet.cn.net
e-mail: anti-spam@ns.chinanet.cn.net
nic-hdl: CH93-AP
mnt-by: MAINT-CHINANET
changed: hostmaster@ns.chinanet.cn.net 20021016
remarks: hostmaster is not for spam complaint,please send spam complaint to anti-spam@ns.chinanet.cn.net
source: APNIC

person: Hongbiao Zhang
nic-hdl: HZ149-AP
e-mail: ip@hntele.com
address: 97# Zhongyuan Street, Zhengzhou,Chinese
phone: +86-371-5310007
fax-no: +86-371-5310044
country: CN
changed: zhb@hntele.com 20030813
mnt-by: MAINT-CHINATELECOM-HA
source: APNIC

--
Felix Tilley
Rank: MAJ
Fanatic Lartvocate
FL# 555-LART
Felix Tilley wrote:
> Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
> Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
> Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026
>
> whoapnic 222.88.173.5
> % [whois.apnic.net node-1]
> % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
>
> inetnum: 222.88.0.0 - 222.89.255.255
> netname: CHINATELECOM-HA
> descr: CHINANET henan province network
> descr: China Telecom
> descr: No.31,jingrong street
> descr: Beijing 100032
> country: CN
> admin-c: CH93-AP
> tech-c: HZ149-AP
> mnt-by: APNIC-HM
> mnt-lower: MAINT-CHINATELECOM-HA
> mnt-routes: MAINT-CHINATELECOM-HA
> changed: hm-changed@apnic.net 20040113
> status: ALLOCATED PORTABLE
> source: APNIC
>
> person: Chinanet Hostmaster
> address: No.31 ,jingrong street,beijing
> address: 100032
> country: CN
> phone: +86-10-66027112
> fax-no: +86-10-58501144
> e-mail: hostmaster@ns.chinanet.cn.net
> e-mail: anti-spam@ns.chinanet.cn.net
> nic-hdl: CH93-AP
> mnt-by: MAINT-CHINANET
> changed: hostmaster@ns.chinanet.cn.net 20021016
> remarks: hostmaster is not for spam complaint,please send spam complaint to anti-spam@ns.chinanet.cn.net
> source: APNIC
>
> person: Hongbiao Zhang
> nic-hdl: HZ149-AP
> e-mail: ip@hntele.com
> address: 97# Zhongyuan Street, Zhengzhou,Chinese
> phone: +86-371-5310007
> fax-no: +86-371-5310044
> country: CN
> changed: zhb@hntele.com 20030813
> mnt-by: MAINT-CHINATELECOM-HA
> source: APNIC

I also have tons of them.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
On 2004-09-01, Jose Maria Lopez Hernandez <jkerouac@bgsec.com> wrote:
> Felix Tilley wrote:
>> Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
>> Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
>> Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026
>> country: CN
>> changed: zhb@hntele.com 20030813
>> mnt-by: MAINT-CHINATELECOM-HA
>> source: APNIC
> I also have tons of them.

I believe it's a MS-Windows thing.

I block any and all Chinanet IPs and netblocks I come across. They account for a large portion of my firewall logs. Kornet, Hinet, Harano, netvigator, and .21cn.com too. In my experience they are mostly zombies, spam-proxies, botnets, and compromised machines spewing tons of malware.

--
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
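
Added example, not part of any post in this thread: a log triage script that converts the whois `inetnum` range quoted above into CIDR form and counts firewall hits per netblock, protocol and destination port, which is the figure you need before deciding whether a whole netblock is worth a drop rule. The function names are hypothetical, the log format is assumed to match the lines posted above, and the fourth sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# First three lines are from the thread; the fourth is constructed.
SAMPLE_LOG = """\
Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026
Aug 31 20:56:10 -0700 SRC=222.89.1.9 DST=63.184.113.12 PROTO=UDP SPT=31999 DPT=1027
"""

# whois "inetnum:" value from the thread, keyed by its netname.
WHOIS_RANGES = {"CHINATELECOM-HA": "222.88.0.0 - 222.89.255.255"}

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

def inetnum_to_cidrs(inetnum):
    """Turn a whois 'first - last' IPv4 range into the minimal list of CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def parse_line(line):
    """Return the KEY=VALUE fields of one log line, or None if required ones are missing."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= fields.keys():
        return None
    return fields

def tally(log_text, whois_ranges):
    """Count hits per (netname, proto, dport); sources outside every range are 'other'."""
    blocks = [(name, net) for name, rng in whois_ranges.items()
              for net in inetnum_to_cidrs(rng)]
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dport = int(f["DPT"])
        except ValueError:
            continue  # malformed address or port: skip rather than guess
        name = next((n for n, net in blocks if src in net), "other")
        counts[(name, f["PROTO"], dport)] += 1
    return counts

if __name__ == "__main__":
    print(inetnum_to_cidrs(WHOIS_RANGES["CHINATELECOM-HA"]))
    for key, n in tally(SAMPLE_LOG, WHOIS_RANGES).most_common():
        print(n, *key)
```

The CIDR form printed first is the one a firewall rule takes as its source match; the tally shows how much of the log that single block accounts for.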