Posted: 9/18/2002 1:56:05 PM EDT
keeps portscanning my computer

210.101.82.201

anything I can do to get this bastard to stop?
Link Posted: 9/18/2002 3:39:31 PM EDT
[#1]

Get a port scan utility off of the net and start probing him in return[BD]
Link Posted: 9/18/2002 3:42:01 PM EDT
[#2]
good idea!

I'm going to do that

what do i do when i find open ports?

is it illegal to break into computers located in other countries?
Link Posted: 9/18/2002 3:42:25 PM EDT
[#3]
I have a very similar problem.  When I am disconnected from the net (Dial-up) a small window pops up and is titled "Portal".  Then my modem tries to connect.  If I allow it to connect I get ads????

WTF??????????

Sgtar15
Link Posted: 9/18/2002 3:42:57 PM EDT
[#4]
hehehe  You said probe

I would scan him as well, not probe but scan......


sounds less..... naughty [:D]
Link Posted: 9/18/2002 3:43:52 PM EDT
[#5]
Link Posted: 9/18/2002 3:44:31 PM EDT
[#6]
How do you know when someone is "port scanning" you,...and what does that mean?
Link Posted: 9/18/2002 3:45:08 PM EDT
[#7]
Quoted:
probe his entire network with syn packets and then he will get the picture.
View Quote



is this the same thing as a "denial of service" attack?
Link Posted: 9/18/2002 3:46:15 PM EDT
[#8]
Link Posted: 9/18/2002 3:47:23 PM EDT
[#9]
Quoted:
How do you know when someone is "port scanning" you,...and what does that mean?
View Quote


i have the zone alarm free firewall program running

it popped up about 30 alerts of the same ip address trying to connect to various ports on my machine
Link Posted: 9/18/2002 3:47:48 PM EDT
[#10]
how do you know he's Korean?
Link Posted: 9/18/2002 3:48:44 PM EDT
[#11]
Quoted:
send him a bowl of Kim Chee noodles and call a truce.
View Quote


good lord, he'd like that crap

my roommate in college was a korean guy

he kept a jar of that stuff in our refrigerator for six months

he'd eat it for breakfast after I'd left for class, and the room still smelled like rotten garbage four hours later when I'd return

YUCK!
Link Posted: 9/18/2002 3:49:57 PM EDT
[#12]
Quoted:
how do you know he's Korean?
View Quote


i went here [url]http://www.dnsstuff.com/[/url]
put the ip address into the whois lookup and got:

WHOIS results for 210.101.82.201
Generated by www.DNSstuff.com
Country: KOREA-KR

ARIN says that this IP belongs to APNIC; I'm looking it up there.


% [whois.apnic.net node-1]
% How to use this server        http://www.apnic.net/db/
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      210.100.0.0 - 210.103.223.255
netname:      KRNIC-KR
descr:        KRNIC
descr:        Korea Network Information Center
country:      KR
admin-c:      HM127-AP
tech-c:       HM127-AP
remarks:      ******************************************
remarks:      KRNIC is the National Internet Registry
remarks:      in Korea under APNIC. If you would like to
remarks:      find assignment information in detail
remarks:      please refer to the KRNIC Whois DB
remarks:      http://whois.nic.or.kr/english/index.html
remarks:      ******************************************
mnt-by:       APNIC-HM
mnt-lower:    MNT-KRNIC-AP
changed:      [email protected] 19971206
changed:      [email protected] 20010606
status:       ALLOCATED PORTABLE
source:       APNIC

person:       Host Master
address:      11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address:      Seoul, Korea, 137-857
country:      KR
phone:        +82-2-2186-4500
fax-no:       +82-2-2186-4496
e-mail:       [email protected]
nic-hdl:      HM127-AP
mnt-by:       MNT-KRNIC-AP
changed:      [email protected] 20020507
source:       APNIC

inetnum:      210.101.82.0 - 210.101.82.255
netname:      SOONGSILUNV-KR
descr:      SooSil Computer Institute
descr:      1-1 SangDo5-Dong DongJak-Ku
descr:      SEOUL
descr:      156-035
country:      KR
admin-c:      CC72-KR
tech-c:       CC73-KR
remarks:      This IP address space has been allocated to KRNIC.
remarks:      For more information, using KRNIC Whois Database
remarks:      whois -h whois.nic.or.kr
mnt-by:       MNT-KRNIC-AP
remarks:      This information has been partially mirrored by APNIC from
remarks:      KRNIC. To obtain more specific information, please use the
remarks:      KRNIC whois server at whois.krnic.net.
changed:      [email protected] 20020909
source:       KRNIC

person:       ChanSoo Chung
descr:      SooSil Computer Institute
descr:      1-1 SangDo5-Dong, DongJak-Ku
descr:      SEOUL
descr:      156-035
country:      KR
phone:      02-813-8676
fax-no:       02-817-8654
e-mail:       [email protected]
nic-hdl:      CC72-KR
mnt-by:       MNT-KRNIC-AP
remarks:      This information has been partially mirrored by APNIC from
remarks:      KRNIC. To obtain more specific information, please use the
remarks:      KRNIC whois server at whois.krnic.net.
changed:      [email protected] 20020909
source:       KRNIC

person:       ChanSoo Chung
descr:      SooSil Computer Institute
descr:      1-1 SangDo5-Dong, DongJak-Ku
descr:      SEOUL
descr:      156-035
country:      KR
phone:      02-813-8676
fax-no:       02-817-8654
e-mail:       [email protected]
nic-hdl:      CC73-KR
mnt-by:       MNT-KRNIC-AP
remarks:      This information has been partially mirrored by APNIC from
remarks:      KRNIC. To obtain more specific information, please use the
remarks:      KRNIC whois server at whois.krnic.net.
changed:      [email protected] 20020909
source:       KRNIC


Link Posted: 9/18/2002 3:50:24 PM EDT
[#13]
Quoted:
I have a very similar problem.  When I am disconnected from the net (Dial-up) a small window pops up and is titled "Portal".  Then my modem tries to connect.  If I allow it to connect I get ads????

WTF??????????

Sgtar15
View Quote

Dude, you have spyware!  Download and run Ad-aware immediately.  It will find any spyware on your computer and delete it.  You can get Ad-aware from [url]www.lavasoftusa.com[/url].

USPC40


Link Posted: 9/18/2002 4:03:07 PM EDT
[#14]
TCP/IP (the basic communications protocol for most network traffic) has 65,000 "ports", or places that applications on your machine can listen to for connections from the net. For example, web servers usually listen on port number 80; someone on another machine can connect to that port (basically say "connect to machine xyz on port 80"). Once the connection is established they can ask for web pages.

The problem is that a lot of applications listening on these ports have weaknesses. For example, the attacker might discover that you've got a web server running on port 80, then go through a long list of known exploits that can give them control of your machine. The port scan process is considered to be rude, though possibly not illegal; it's kinda like a burglar going down a street, rattling doorknobs to see what's open.

A lot of the machines doing port scans are actually hosts that have been taken over by attackers unrelated to the machine's owner.

Link Posted: 9/18/2002 4:19:47 PM EDT
[#15]
Link Posted: 9/18/2002 4:23:56 PM EDT
[#16]
Link Posted: 9/18/2002 4:31:58 PM EDT
[#17]
Said in my best Danny Glover voice:

"I'm getting too old for this shit."

Yes, I know he's an anti. But it does seem fitting here.

Ya know, I used to be a techie. But that was when my blazing 8088-2 was running 8mhz.
Link Posted: 9/18/2002 4:36:48 PM EDT
[#18]
it was about 30 alerts one right after the other, after that i pulled my cable out for a little while

Link Posted: 9/18/2002 5:05:05 PM EDT
[#19]
Link Posted: 9/18/2002 5:23:28 PM EDT
[#20]
agtm:

I haven't used a recent version of zonealarm, so it may not yet have the functionality to block certain IP addresses or other advanced settings. But check around in your firewall for settings to block that IP address.

I gave up zonealarm several years back and now use TPF (tiny personal firewall). TPF is the power user's firewall (still free!), whereas I consider zonealarm the mac version.

Alternately, hooking up a router will in effect block direct contact from outside clients (unless you set up the computer as a DMZ host, or specifically forward the port(s) to your computer). I use both a hardware (router) and software (TPF) based firewall.

also, as mentioned above, ad-aware is a great program for detecting and deleting spyware (programs that pop-up advertisements or otherwise track your browsing habits).
Link Posted: 9/18/2002 5:35:31 PM EDT
[#21]
Quoted:
agtm:

I haven't used a recent version of zonealarm, so it may not yet have the functionality to block certain IP addresses or other advanced settings. But check around in your firewall for settings to block that IP address.

I gave up zonealarm several years back and now use TPF (tiny personal firewall). TPF is the power user's firewall (still free!), whereas I consider zonealarm the mac version.

Alternately, hooking up a router will in effect block direct contact from outside clients (unless you set up the computer as a DMZ host, or specifically forward the port(s) to your computer). I use both a hardware (router) and software (TPF) based firewall.

also, as mentioned above, ad-aware is a great program for detecting and deleting spyware (programs that pop-up advertisements or otherwise track your browsing habits).
View Quote



i couldn't find anything in zone alarm about blocking specific ips

i'm going to check into this tpf, since i'd like to block people i catch nosing around

adaware is cool too, i've been using that for a while

can anyone recommend a good program to block pop up windows?

Link Posted: 9/18/2002 5:39:32 PM EDT
[#22]
Quoted:
send him a bowl of Kim Chee noodles and call a truce.
View Quote


Y'know, I've had all sorts of Kimchee - Cabbage Kimchee, water Kimchee, Cucumber Kimchee... But I have never seen or heard of Kimchee NOODLES!

Did I miss something? Are you sure you don't mean Ramen / Ramyen?


Adam
Link Posted: 9/18/2002 5:40:10 PM EDT
[#23]
can people get past these software firewalls?

i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web

I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess.

what does a decent router cost? what makes a router better than a software firewall?

Link Posted: 9/18/2002 5:42:25 PM EDT
[#24]
Quoted:
Quoted:
send him a bowl of Kim Chee noodles and call a truce.
View Quote


Y'know, I've had all sorts of Kimchee - Cabbage Kimchee, water Kimchee, Cucumber Kimchee... But I have never seen or heard of Kimchee NOODLES!

Did I miss something? Are you sure you don't mean Ramen / Ramyen?


Adam
View Quote


maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
Link Posted: 9/18/2002 5:52:06 PM EDT
[#25]
Quoted:
maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
View Quote


Hmmmm... Kimchee flavored Ramyen... Hmmm
Link Posted: 9/18/2002 6:02:27 PM EDT
[#26]
Quoted:
Quoted:
maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
View Quote


Hmmmm... Kimchee flavored Ramyen... Hmmm
View Quote


these are the kimchee bowls:
[img]http://www.ikoreaplaza.com/ikp/assets/product_images/KPSM01BR001.jpg[/img]

i don't like those very much

these, however, [img]http://www.ikoreaplaza.com/ikp/assets/product_images/KPSM01BR003.jpg[/img]

are great
Link Posted: 9/18/2002 6:21:24 PM EDT
[#27]
Quoted:
can people get past these software firewalls?

i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web

I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess.

what does a decent router cost? what makes a router better than a software firewall?

View Quote


A software firewall will basically monitor incoming/outgoing ports and connections. Depending on the specific piece of software, you may have more or less control over what the firewall will monitor, block, allow, etc...

A hardware firewall (such as a router) will take the IP address assigned by your cable/dsl company and use it for itself. Your computer will then have an "internal" IP address (such as 192.168.2.x) while the router has two addresses (typically 192.168.2.1 and the second which is from your ISP). The 192.168.2.xxx IP addresses are internal, and can only be recognized by local (networked) computers.

Your computer will send a request to the router (say for a webpage), then the router requests the information from the webhost, which passes it back to the router, which passes the information back to the computer that requested the information. (in order to not be too confusing, that's a simplified explanation of what's going on)

People from the outside (internet) can't get access to your computer via software or hardware firewall, unless you allow it.

With hardware firewalls, you will need to physically forward a port (or range of ports) to your computer's IP address in order for outside users to be able to contact it. Alternately, some routers will let you set up a DMZ host, which basically bypasses the router's firewall for one computer.

With software firewalls, you have more control. You can specify certain IP addresses that either can or can't access your computer. You can allow or deny certain programs from accessing out, or in some cases only allow certain ports to be used by a particular program.

The main difference is that software based firewalls have the added benefit of being able to stop certain trojan horses/rampant programs from accessing out of your computer w/o your permission. You will usually get a pop-up box that indicates "program iexplorer.exe wishes to connect out on port 80 to remote IP x.x.x.x" (or something similar). You can then set permissions to either allow or deny, etc.

Some trojans will contact out to a remote computer (instead of someone hacking into your computer, they plant the trojan and the computer initiates the breach), allowing someone access to your system. Hardware firewalls won't do anything to stop outgoing problems like this.

The cost: TPF (tiny personal firewall) and Zonealarm are both free versions of software firewalls. If you don't know what an IP address or port # is, or if you don't feel technically inclined on the computer, zonealarm would be the better solution for you.

You can pick up a 4 port Linksys router (which will let you hook up 4 computers at once to it) at www.newegg.com for $63.00 (plus shipping). There are several brands to choose from, I personally have liked the Linksys the best for consumer versions of routers.
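An added example, not part of the post above or of any router's firmware: a toy model of the NAT behaviour that reply describes, showing which inbound packets reach a LAN machine (replies to its own connections, forwarded ports, a DMZ host) and why a trojan dialing out is not stopped. The class, the addresses and the port numbers are constructed for illustration, and the model assumes one public IP and TCP only.

```python
class NatRouter:
    """Toy home NAT router (assumed behaviour, not a real device's API)."""

    def __init__(self, public_ip, dmz_host=None):
        self.public_ip = public_ip
        self.dmz_host = dmz_host    # internal IP that receives everything else
        self.forwards = {}          # public port -> (internal ip, internal port)
        self.sessions = {}          # public port -> (lan ip, lan port, remote ip, remote port)
        self.next_port = 40000

    def forward(self, public_port, internal_ip, internal_port):
        self.forwards[public_port] = (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host connects out: record the session, rewrite the source."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the internal (ip, port) a packet reaches, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                    # reply to a LAN-initiated connection
        if public_port in self.forwards:
            return self.forwards[public_port]     # explicitly forwarded port
        if self.dmz_host:
            return (self.dmz_host, public_port)   # DMZ host bypasses the filter
        return None                               # unsolicited: dropped


def demo():
    router = NatRouter("203.0.113.5")             # constructed public address
    pc, outsider = "192.168.2.10", "198.51.100.7"
    out = {}
    # Unsolicited probes: no session and no forward, so nothing gets through.
    out["scan"] = [router.inbound(outsider, 4444, p) for p in (21, 80, 139)]
    # The PC asks for a web page; only the matching reply is let back in.
    _, pub, _, _ = router.outbound(pc, 1025, "192.0.2.80", 80)
    out["web_reply"] = router.inbound("192.0.2.80", 80, pub)
    out["wrong_sender"] = router.inbound(outsider, 80, pub)
    # A trojan connecting out looks like any other outbound connection.
    _, pub2, _, _ = router.outbound(pc, 1026, outsider, 6667)
    out["trojan_reply"] = router.inbound(outsider, 6667, pub2)
    # A port forward exposes exactly one service and nothing else.
    router.forward(80, pc, 8080)
    out["forwarded"] = router.inbound(outsider, 4444, 80)
    out["still_closed"] = router.inbound(outsider, 4444, 139)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} {result}")
```
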
Link Posted: 9/18/2002 8:29:39 PM EDT
[#28]
Quoted:
can people get past these software firewalls?

i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web

I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess.

what does a decent router cost? what makes a router better than a software firewall?

View Quote


For cable/DSL users, if you don't want to go to the expense of buying a Router/firewall combo that performs NAT, there is an easier method to protect your machine than by disconnecting the cable.

For Windows users, just disable your NIC card when you are not on the internet.  For example, Windows 2000 users, just right click on "My network Places" and choose properties.  You should see the icon for your NIC connection.  Just right click that and choose disable.  Your NIC will no longer process any traffic and you are completely secure from outside intrusion.  To reenable your connection, just right click the NIC icon and choose "enable" and you are back online.  Takes about 5 seconds to do, and is much easier than pulling the coax.
Link Posted: 9/18/2002 8:51:57 PM EDT
[#29]
Quoted:
There are several brands to choose from, I personally have liked the Linksys the best for consumer versions of routers.
View Quote

Personally, I think a person is better off with a router that has no speed loss with their modems. I have the SMC7004ABR and a 3COM "Sharkfin" modem. I have no speed loss. But my modem maxes out at 5.5 Mbps down and 850 kbps up out of 10 Mb down and 1 Mb up when I could get 8-9 Mbps down and 930 kbps up with a Motorola Surfboard or the Toshiba.
Link Posted: 9/18/2002 9:01:48 PM EDT
[#30]
I haven't noticed any speed reduction as my ISP only provides 2.5Mb down.

The only reason I like the Linksys over my old 8 port version of your SMC router is that the SMC was jacked up trying to get the port forwarding working correctly. I never had any issues with any other router I've used.

BTW, nice connection...

Fortunately, most people switching from dialup won't notice and/or care at any reduction in speed.

One other thing I noticed, there's no latency loss with any router I've used to date... which is much more important to me (and my CS gaming experience).
Link Posted: 9/18/2002 9:31:24 PM EDT
[#31]
just installed that firewall program already had 4 attempts. last one i did the ip check and it was from someone at the local college. had a phone number but it doesn't work. but i did email them. and sent them a copy of this.

WHOIS results for 152.11.169.7
Generated by www.DNSstuff.com
Country: UNITED STATES


OrgName:    Bowman Gray School of Medicine
OrgID:      BGSM

NetRange:   152.11.0.0 - 152.11.255.255
CIDR:       152.11.0.0/16
NetName:    BGSM-NET
NetHandle:  NET-152-11-0-0-1
Parent:     NET-152-0-0-0-0
NetType:    Direct Assignment
NameServer: NCNOC.NCREN.NET
NameServer: REGGAE.NCREN.NET
Comment:    
RegDate:    1992-01-10
Updated:    1992-08-26

TechHandle: PS292-ARIN
TechName:   Santago, Pete
TechPhone:  +1-919-748-2815
TechEmail:  [email protected]

# ARIN Whois database, last updated 2002-09-18 19:05
# Enter ? for additional hints on searching ARIN's Whois database.


Link Posted: 9/18/2002 10:05:22 PM EDT
[#32]
One port scan is nothing.  Put them on the block list and ignore them.  If you start getting a bunch from similar subnets, then block the subnet.

Don't run windows (or anything) without some kind of protection on the net.  Software firewalls can range from crappy to extremely effective.  
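An added example, not part of any post in this thread: one way to turn firewall alerts like those described earlier (one address trying many different ports in a short time) into the block list suggested in the last reply, switching from single addresses to a subnet once several scanners share it. The log format, the thresholds and the addresses (documentation ranges) are constructed for illustration and are not ZoneAlarm's real log layout; IPv4 and a /24 subnet size are assumed.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed log: 'ISO-time source-ip dest-port action' (made-up format)."""
    t0, rows = datetime(2002, 9, 18, 13, 50, 0), []
    def add(ip, ports, step):
        for n, port in enumerate(ports):
            rows.append(f"{(t0 + n * step).isoformat()} {ip} {port} BLOCK")
    add("198.51.100.7", [21, 23, 25, 80, 139, 445], timedelta(seconds=1))
    add("192.0.2.44", [80, 80, 80], timedelta(seconds=1))          # one port, retried
    add("192.0.2.99", [21, 23, 25, 80, 139], timedelta(hours=1))   # spread over hours
    for host in (10, 11, 12):                                      # three hosts, one /24
        add(f"203.0.113.{host}", [135, 137, 139, 445, 1433], timedelta(seconds=2))
    return "\n".join(rows)

def parse(log):
    """Yield (timestamp, source IP, destination port) for each BLOCK line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "BLOCK":
            continue                      # skip blank or malformed lines
        try:
            yield (datetime.fromisoformat(parts[0]),
                   ipaddress.ip_address(parts[1]), int(parts[2]))
        except ValueError:
            continue                      # bad timestamp, address or port

def find_scanners(events, min_ports=5, window=timedelta(seconds=60)):
    """Return {ip: most distinct ports hit inside any one window} for scanners."""
    by_ip = defaultdict(list)
    for ts, ip, port in events:
        by_ip[ip].append((ts, port))
    scanners = {}
    for ip, hits in by_ip.items():
        hits.sort()
        best = 0
        for i, (start, _) in enumerate(hits):
            ports = {p for ts, p in hits[i:] if ts - start <= window}
            best = max(best, len(ports))
        if best >= min_ports:             # many ports, not many retries of one port
            scanners[ip] = best
    return scanners

def block_list(scanners, subnet_threshold=3):
    """Block single IPs, or the whole /24 once enough scanners share it."""
    nets = {ip: ipaddress.ip_network(f"{ip}/24", strict=False) for ip in scanners}
    per_net = Counter(nets.values())
    return sorted({str(net) if per_net[net] >= subnet_threshold else str(ip)
                   for ip, net in nets.items()})

if __name__ == "__main__":
    found = find_scanners(parse(sample_log()))
    for ip, count in found.items():
        print(f"{ip} tried {count} different ports within a minute")
    print("block:", block_list(found))
```

The host that spreads its attempts over hours is not flagged, which is the trade-off of a short window: widening it catches slower scans at the cost of more false alarms.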