Posted: 9/18/2002 1:56:05 PM EDT
keeps portscanning my computer 210.101.82.201 anything I can do to get this bastard to stop?
Link Posted: 9/18/2002 3:39:31 PM EDT
Get a port scan utility off of the net and start probing him in return[BD]
Link Posted: 9/18/2002 3:42:01 PM EDT
good idea! I'm going to do that. what do i do when i find open ports? is it illegal to break into computers located in other countries?
Link Posted: 9/18/2002 3:42:25 PM EDT
I have a very similar problem. When I am disconnected from the net (Dial-up) a small window pops up and is titled "Portal". Then my modem tries to connect. If I allow it to connect I get ads???? WTF?????????? Sgtar15
Link Posted: 9/18/2002 3:42:57 PM EDT
hehehe You said probe. I would scan him as well, not probe but scan...... sounds less..... naughty [:D]
Link Posted: 9/18/2002 3:43:52 PM EDT
Link Posted: 9/18/2002 3:44:31 PM EDT
How do you know when someone is "port scanning" you,...and what does that mean?
Link Posted: 9/18/2002 3:45:08 PM EDT
Originally Posted By ColonelKlink: probe his entire network with syn packets and then he will get the picture.
is this the same thing as a "denial of service" attack?
Link Posted: 9/18/2002 3:46:15 PM EDT
Link Posted: 9/18/2002 3:47:23 PM EDT
Originally Posted By madmedic: How do you know when someone is "port scanning" you,...and what does that mean?
i have the zone alarm free firewall program running. it popped up about 30 alerts of the same ip address trying to connect to various ports on my machine
Link Posted: 9/18/2002 3:47:48 PM EDT
how you know he's korean?
Link Posted: 9/18/2002 3:48:44 PM EDT
Originally Posted By FrankSquid: send him a bowl of Kim Chee noodles and call a truce.
good lord, he'd like that crap. my roommate in college was a korean guy. he kept a jar of that stuff in our refrigerator for six months. he'd eat it for breakfast after I'd left for class, and the room still smelled like rotten garbage four hours later when I'd return. YUCK!
Link Posted: 9/18/2002 3:49:57 PM EDT
Originally Posted By mark159: how you know he's korean?
i went here [url]http://www.dnsstuff.com/[/url] put the ip address into the whois lookup and got:

WHOIS results for 210.101.82.201
Generated by www.DNSstuff.com
Country: KOREA-KR
ARIN says that this IP belongs to APNIC; I'm looking it up there.

% [whois.apnic.net node-1]
% How to use this server http://www.apnic.net/db/
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 210.100.0.0 - 210.103.223.255
netname: KRNIC-KR
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: HM127-AP
tech-c: HM127-AP
remarks: ******************************************
remarks: KRNIC is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the KRNIC Whois DB
remarks: http://whois.nic.or.kr/english/index.html
remarks: ******************************************
mnt-by: APNIC-HM
mnt-lower: MNT-KRNIC-AP
changed: drc@apnic.net 19971206
changed: hostmaster@apnic.net 20010606
status: ALLOCATED PORTABLE
source: APNIC

person: Host Master
address: 11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address: Seoul, Korea, 137-857
country: KR
phone: +82-2-2186-4500
fax-no: +82-2-2186-4496
e-mail: hostmaster@nic.or.kr
nic-hdl: HM127-AP
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20020507
source: APNIC

inetnum: 210.101.82.0 - 210.101.82.255
netname: SOONGSILUNV-KR
descr: SooSil Computer Institute
descr: 1-1 SangDo5-Dong DongJak-Ku
descr: SEOUL
descr: 156-035
country: KR
admin-c: CC72-KR
tech-c: CC73-KR
remarks: This IP address space has been allocated to KRNIC.
remarks: For more information, using KRNIC Whois Database
remarks: whois -h whois.nic.or.kr
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr 20020909
source: KRNIC

person: ChanSoo Chung
descr: SooSil Computer Institute
descr: 1-1 SangDo5-Dong, DongJak-Ku
descr: SEOUL
descr: 156-035
country: KR
phone: 02-813-8676
fax-no: 02-817-8654
e-mail: wonjang@soongsilunv.co.kr
nic-hdl: CC72-KR
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr 20020909
source: KRNIC

person: ChanSoo Chung
descr: SooSil Computer Institute
descr: 1-1 SangDo5-Dong, DongJak-Ku
descr: SEOUL
descr: 156-035
country: KR
phone: 02-813-8676
fax-no: 02-817-8654
e-mail: wonjang@soongsilunv.co.kr
nic-hdl: CC73-KR
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr 20020909
source: KRNIC
Link Posted: 9/18/2002 3:50:24 PM EDT
[Last Edit: 9/18/2002 3:51:48 PM EDT by USPC40]
Originally Posted By sgtar15: I have a very similar problem. When I am disconnected from the net (Dial-up) a small window pops up and is titled "Portal". Then my modem tries to connect. If I allow it to connect I get ads???? WTF?????????? Sgtar15
Dude, you have spyware! Download and run Ad-aware immediately. It will find any spyware on your computer and delete it. You can get Ad-aware from [url]www.lavasoftusa.com[/url]. USPC40 [img]www.ar15.com/members/albums/USPC40/line.gif[/img] [url=www.nra.org][b][red]NRA[/red][/url] [url=www.nra.org][blue]Life Member[/blue][/url] [url=www.gunowners.org][b][red]GOA[/red] [/url] [url=www.gunowners.org][blue]Life Member[/blue][/url] [url=www.saf.org][red]SAF[/red][/url] [url=www.saf.org][blue]Supporter[/blue][/url] [url=sas-aim.org][red]SAS[/red][/url] [url=sas-aim.org][blue]Supporter[/blue][/b][/url] [img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img]
Link Posted: 9/18/2002 4:03:07 PM EDT
TCP/IP (the basic communications protocol for most network traffic) has 65,000 "ports", or places that applications on your machine can listen to for connections from the net. For example, web servers usually listen on port number 80; someone on another machine can connect to that port (basically say "connect to machine xyz on port 80"). Once the connection is established they can ask for web pages. The problem is that a lot of applications listening on these ports have weaknesses. For example, the attacker might discover that you've got a web server running on port 80, then go through a long list of known exploits that can give them control of your machine. The port scan process is considered to be rude, though possibly not illegal; it's kinda like a burglar going down a street, rattling doorknobs to see what's open. A lot of the machines doing port scans are actually hosts that have been taken over by attackers unrelated to the machine's owner.
Link Posted: 9/18/2002 4:19:47 PM EDT
Link Posted: 9/18/2002 4:23:56 PM EDT
Link Posted: 9/18/2002 4:31:58 PM EDT
Said in my best Danny Glover voice: "I'm getting too old for this shit." Yes, I know he's an anti. But it does seem fitting here. Ya know, I used to be a techie. But that was when my blazing 8088-2 was running 8mhz.
Link Posted: 9/18/2002 4:36:48 PM EDT
it was about 30 alerts one right after the other, after that i pulled my cable out for a little while
Link Posted: 9/18/2002 5:05:05 PM EDT
Link Posted: 9/18/2002 5:23:28 PM EDT
agtm: I haven't used a recent version of zonealarm, so it may not yet have the functionality to block certain IP addresses or other advanced settings. But check around in your firewall for settings to block that IP address. I gave up zonealarm several years back and now use TPF (tiny personal firewall). TPF is the power user's firewall (still free!), whereas I consider zonealarm the mac version. Alternately, hooking up a router will in effect block direct contact from outside clients (unless you set up the computer as a DMZ host, or specifically forward the port(s) to your computer). I use both a hardware (router) and software (TPF) based firewall. Also, as mentioned above, ad-aware is a great program for detecting and deleting spyware (programs that pop-up advertisements or otherwise track your browsing habits).
Link Posted: 9/18/2002 5:35:31 PM EDT
Originally Posted By steenkybastage: agtm: I haven't used a recent version of zonealarm, so it may not yet have the functionality to block certain IP addresses or other advanced settings. But check around in your firewall for settings to block that IP address. I gave up zonealarm several years back and now use TPF (tiny personal firewall). TPF is the power user's firewall (still free!), whereas I consider zonealarm the mac version. Alternately, hooking up a router will in effect block direct contact from outside clients (unless you set up the computer as a DMZ host, or specifically forward the port(s) to your computer). I use both a hardware (router) and software (TPF) based firewall. Also, as mentioned above, ad-aware is a great program for detecting and deleting spyware (programs that pop-up advertisements or otherwise track your browsing habits).
i couldn't find anything in zone alarm about blocking specific ips. i'm going to check into this tpf, since i'd like to block people i catch nosing around. adaware is cool too, i've been using that for a while. can anyone recommend a good program to block pop up windows?
Link Posted: 9/18/2002 5:39:32 PM EDT
Originally Posted By FrankSquid: send him a bowl of Kim Chee noodles and call a truce.
Y'know, I've had all sorts of Kimchee - Cabbage Kimchee, water Kimchee, Cucumber Kimchee... But I have never seen or heard of Kimchee NOODLES! Did I miss something? Are you sure you don't mean Ramen / Ramyen? Adam
Link Posted: 9/18/2002 5:40:10 PM EDT
can people get past these software firewalls? i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess. what does a decent router cost? what makes a router better than a software firewall?
Link Posted: 9/18/2002 5:42:25 PM EDT
Originally Posted By Adam_White:
Originally Posted By FrankSquid: send him a bowl of Kim Chee noodles and call a truce.
Y'know, I've had all sorts of Kimchee - Cabbage Kimchee, water Kimchee, Cucumber Kimchee... But I have never seen or heard of Kimchee NOODLES! Did I miss something? Are you sure you don't mean Ramen / Ramyen? Adam
maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
Link Posted: 9/18/2002 5:52:06 PM EDT
Originally Posted By agtm: maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
Hmmmm... Kimchee flavored Ramyen... Hmmm
Link Posted: 9/18/2002 6:02:27 PM EDT
[Last Edit: 9/18/2002 6:05:31 PM EDT by agtm]
Originally Posted By Adam_White:
Originally Posted By agtm: maybe those round styrofoam "kimchee bowl" things. kimchee flavored ramen noodles, just add hot water. also yuck, but so spicy they mask the garbage taste enough that i can eat them
Hmmmm... Kimchee flavored Ramyen... Hmmm
these are the kimchee bowls: [img]http://www.ikoreaplaza.com/ikp/assets/product_images/KPSM01BR001.jpg[/img] i don't like those very much these, however, [img]http://www.ikoreaplaza.com/ikp/assets/product_images/KPSM01BR003.jpg[/img] are great
Link Posted: 9/18/2002 6:21:24 PM EDT
Originally Posted By agtm: can people get past these software firewalls? i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess. what does a decent router cost? what makes a router better than a software firewall?
A software firewall will basically monitor incoming/outgoing ports and connections. Depending on the specific piece of software, you may have more or less control over what the firewall will monitor, block, allow, etc...

A hardware firewall (such as a router) will take the IP address assigned by your cable/dsl company and use it for itself. Your computer will then have an "internal" IP address (such as 192.168.2.x) while the router has two addresses (typically 192.168.2.1 and the second which is from your ISP). The 192.168.2.xxx IP addresses are internal, and can only be recognized by local (networked) computers. Your computer will send a request to the router (say for a webpage), then the router requests the information from the webhost, which passes it back to the router, which passes the information back to the computer that requested the information. (In order to not be too confusing, that's a simplified explanation of what's going on.)

People from the outside (internet) can't get access to your computer via software or hardware firewall, unless you allow it. With hardware firewalls, you will need to physically forward a port (or range of ports) to your computer's IP address in order for outside users to be able to contact it. Alternately, some routers will let you set up a DMZ host, which basically bypasses the router's firewall for one computer.

With software firewalls, you have more control. You can specify certain IP addresses that either can or can't access your computer. You can allow or deny certain programs from accessing out, or in some cases only allow certain ports to be used by a particular program. The main difference is that software based firewalls have the added benefit of being able to stop certain trojan horses/rampant programs from accessing out of your computer w/o your permission. You will usually get a pop-up box that indicates "program iexplorer.exe wishes to connect out on port 80 to remote IP x.x.x.x" (or something similar). You can then set permissions to either allow or deny, etc. Some trojans will contact out to a remote computer (instead of someone hacking into your computer, they plant the trojan and the computer initiates the breach), allowing someone access to your system. Hardware firewalls won't do anything to stop outgoing problems like this.

The cost: TPF (tiny personal firewall) and Zonealarm are both free versions of software firewalls. If you don't know what an IP address or port # is, or if you don't feel technically inclined on the computer, zonealarm would be the better solution for you. You can pick up a 4 port Linksys router (which will let you hook up 4 computers at once to it) at www.newegg.com for $63.00 (plus shipping). There are several brands to choose from, I personally have liked the Linksys the best for consumer versions of routers.
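Added illustration, not part of the original thread: a toy Python model of the router behaviour described in the post above. It shows which inbound probes reach an inside machine with no forwarding, with one forwarded port, and with a DMZ host, and that a connection started from inside is let through. The class and function names and all addresses except the 192.168.2.x range are assumptions made for this example.

```python
"""Toy model of a home NAT router (simplified; real routers differ in detail)."""

class NatRouter:
    def __init__(self, public_ip, port_forwards=None, dmz_host=None):
        self.public_ip = public_ip
        # public port -> (inside ip, inside port), configured by hand on the router
        self.port_forwards = dict(port_forwards or {})
        self.dmz_host = dmz_host   # inside ip that receives all otherwise unmatched traffic
        self.sessions = {}         # public port -> (inside ip, inside port, remote ip, remote port)
        self._next_port = 40000    # arbitrary start of the translated port range

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """An inside host opens a connection; the router rewrites the source and remembers it."""
        public_port = self._next_port
        self._next_port += 1
        self.sessions[public_port] = (inside_ip, inside_port, remote_ip, remote_port)
        return (self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside (ip, port) a packet from the internet reaches, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                       # reply to a connection started from inside
        if public_port in self.port_forwards:
            return self.port_forwards[public_port]   # explicit port forward
        if self.dmz_host:
            return (self.dmz_host, public_port)      # DMZ host gets everything else
        return None                                  # unsolicited packet: dropped


def reachable_ports(router, scanner_ip, ports):
    """Public ports on which a scanner's probe is delivered to some inside machine."""
    return [p for p in ports if router.inbound(scanner_ip, 50000, p) is not None]


if __name__ == "__main__":
    scanner = "198.51.100.9"        # constructed address (documentation range)
    pc = "192.168.2.10"             # inside address in the range the post mentions
    plain = NatRouter("203.0.113.5")
    forwarded = NatRouter("203.0.113.5", port_forwards={80: (pc, 80)})
    dmz = NatRouter("203.0.113.5", dmz_host=pc)
    for name, router in (("plain", plain), ("forward 80", forwarded), ("dmz", dmz)):
        print(name, len(reachable_ports(router, scanner, range(1, 1025))), "ports reachable")
    # A program on the inside PC (wanted or not) connects out: the router lets
    # the connection and its replies through, which is the gap the post describes.
    _, public_port, _, _ = plain.outbound(pc, 1234, scanner, 443)
    print("reply delivered to", plain.inbound(scanner, 443, public_port))
```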
Link Posted: 9/18/2002 8:29:39 PM EDT
Originally Posted By agtm: can people get past these software firewalls? i don't have any software running that would make an obvious hole that i know of (like ftp servers or whatever) just email, and web I've been pulling the cable whenever I'm not using the machine (i've got a cable modem), but i'd like to just leave it on all the time. I'm just a little too paranoid for that I guess. what does a decent router cost? what makes a router better than a software firewall?
For cable/DSL users, if you don't want to go to the expense of buying a Router/firewall combo that performs NAT, there is an easier method to protect your machine than by disconnecting the cable. For Windows users, just disable your NIC card when you are not on the internet. For example, Windows 2000 users, just right click on "My network Places" and choose properties. You should see the icon for your NIC connection. Just right click that and choose disable. Your NIC will no longer process any traffic and you are completely secure from outside intrusion. To reenable your connection, just right click the NIC icon and choose "enable" and you are back online. Takes about 5 seconds to do, and is much easier than pulling the coax.
Link Posted: 9/18/2002 8:51:57 PM EDT
Originally Posted By steenkybastage: There are several brands to choose from, I personally have liked the Linksys the best for consumer versions of routers.
Personally, I think a person is better off with a router that has no speed loss with their modems. I have the SMC7004ABR and a 3COM "Sharkfin" modem. I have no speed loss. But my modem maxes out at 5.5 Mbps down and 850 kbps up out of 10 Mb down and 1 Mb up when I could get 8-9 Mbps down and 930 kbps up with a Motorola Surfboard or the Toshiba.
Link Posted: 9/18/2002 9:01:48 PM EDT
I haven't noticed any speed reduction as my ISP only provides 2.5Mb down. The only reason I like the Linksys over my old 8 port version of your SMC router is that the SMC was jacked up trying to get the port forwarding working correctly. I never had any issues with any other router I've used. BTW, nice connection... Fortunately, most people switching from dialup won't notice and/or care at any reduction in speed. One other thing I noticed, there's no latency loss with any router I've used to date... which is much more important to me (and my CS gaming experience).
Link Posted: 9/18/2002 9:31:24 PM EDT
just installed that firewall program. already had 4 attempts. last one i did the ip check and it was from someone at the local college. had a phone number but it doesn't work. but i did email them. and sent them a copy of this.

WHOIS results for 152.11.169.7
Generated by www.DNSstuff.com
Country: UNITED STATES
OrgName: Bowman Gray School of Medicine
OrgID: BGSM
NetRange: 152.11.0.0 - 152.11.255.255
CIDR: 152.11.0.0/16
NetName: BGSM-NET
NetHandle: NET-152-11-0-0-1
Parent: NET-152-0-0-0-0
NetType: Direct Assignment
NameServer: NCNOC.NCREN.NET
NameServer: REGGAE.NCREN.NET
Comment:
RegDate: 1992-01-10
Updated: 1992-08-26
TechHandle: PS292-ARIN
TechName: Santago, Pete
TechPhone: +1-919-748-2815
TechEmail: ps@mrips.bgsm.wfu.edu
# ARIN Whois database, last updated 2002-09-18 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
Link Posted: 9/18/2002 10:05:22 PM EDT
One port scan is nothing. Put them on the block list and ignore them. If you start getting a bunch from similar subnets, then block the subnet. Don't run windows (or anything) without some kind of protection on the net. Software firewalls can range from crappy to extremely effective.
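Added illustration, not part of the original thread: a Python sketch of the triage described in the post above and in the earlier ZoneAlarm report of one address hitting many ports. It flags a source that probes many distinct ports and collapses several scanners in one /24 into a subnet block. The alert line format, the thresholds, the function names and the sample data are all assumptions constructed for this example, not ZoneAlarm's real log format.

```python
"""Flag port scans in firewall alerts and suggest host or subnet blocks."""
import ipaddress
from collections import defaultdict

PORT_THRESHOLD = 10    # assumed: distinct ports from one source before it counts as a scan
SUBNET_THRESHOLD = 3   # assumed: scanning hosts in one /24 before the whole /24 is blocked

def parse_alerts(lines):
    """Yield (source_ip, dest_port) from lines shaped 'HH:MM:SS BLOCKED src -> port'."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[1] != "BLOCKED" or parts[3] != "->":
            continue                      # not an alert line
        try:
            yield ipaddress.IPv4Address(parts[2]), int(parts[4])
        except ValueError:
            continue                      # malformed address or port

def find_scanners(lines, port_threshold=PORT_THRESHOLD):
    """Return {source_ip: sorted distinct ports} for sources probing many ports."""
    ports = defaultdict(set)
    for src, port in parse_alerts(lines):
        ports[src].add(port)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= port_threshold}

def block_list(scanners, subnet_threshold=SUBNET_THRESHOLD):
    """Block single hosts, or the /24 when enough scanners share it."""
    by_subnet = defaultdict(list)
    for src in scanners:
        by_subnet[ipaddress.ip_network(f"{src}/24", strict=False)].append(src)
    blocks = []
    for net, hosts in by_subnet.items():
        if len(hosts) >= subnet_threshold:
            blocks.append(str(net))
        else:
            blocks.extend(f"{host}/32" for host in hosts)
    return sorted(blocks)

def sample_alerts():
    """Constructed alerts: one 30-port sweep, three scanners in one /24, one stray hit."""
    lines = [f"15:40:{i:02d} BLOCKED 203.0.113.50 -> {port}"
             for i, port in enumerate(range(20, 50))]
    for host in (7, 8, 9):
        lines += [f"16:00:00 BLOCKED 198.51.100.{host} -> {port}" for port in range(130, 145)]
    lines.append("16:05:00 BLOCKED 192.0.2.10 -> 80")    # one attempt: below the threshold
    lines.append("16:06:00 BLOCKED 999.1.1.1 -> 80")     # malformed address: ignored
    return lines

if __name__ == "__main__":
    found = find_scanners(sample_alerts())
    for src, ports in found.items():
        print(f"{src}: {len(ports)} distinct ports")
    print("block:", block_list(found))
```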