announcement The content of this page is collected from Linux Forum, All copyrights and other associated rights are reserved by the original authors of the articles.
More Port 1026 probes from China
Subject: More Port 1026 probes from China
Author: Felix Tilley    Posted: 2004-08-31 22:12:15    Length: 2,725 byte(s)
Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026





whoapnic       222.88.173.5
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      222.88.0.0 - 222.89.255.255
netname:      CHINATELECOM-HA
descr:        CHINANET henan province network
descr:        China Telecom
descr:        No.31,jingrong street
descr:        Beijing 100032
country:      CN
admin-c:      CH93-AP
tech-c:       HZ149-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CHINATELECOM-HA
mnt-routes:   MAINT-CHINATELECOM-HA
changed:      hm-changed@apnic.net 20040113
status:       ALLOCATED PORTABLE
source:       APNIC

person:       Chinanet Hostmaster
address:      No.31 ,jingrong street,beijing
address:      100032
country:      CN
phone:        +86-10-66027112
fax-no:       +86-10-58501144
e-mail:       hostmaster@ns.chinanet.cn.net
e-mail:       anti-spam@ns.chinanet.cn.net
nic-hdl:      CH93-AP
mnt-by:       MAINT-CHINANET
changed:      hostmaster@ns.chinanet.cn.net 20021016
remarks:      hostmaster is not for spam complaint,please send spam complaint to anti-spam@ns.chinanet.cn.net
source:       APNIC

person:       Hongbiao Zhang
nic-hdl:      HZ149-AP
e-mail:       ip@hntele.com
address:      97# Zhongyuan Street, Zhengzhou,Chinese
phone:        +86-371-5310007
fax-no:       +86-371-5310044
country:      CN
changed:      zhb@hntele.com 20030813
mnt-by:       MAINT-CHINATELECOM-HA
source:       APNIC




--

Felix Tilley
Rank: MAJ
Fanatic Lartvocate
FL# 555-LART

Subject: More Port 1026 probes from China
Author: Jose Maria Lopez Hernandez    Posted: 2004-09-01 10:14:13    Length: 3,616 byte(s)
Felix Tilley wrote:
QUOTE
Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026





whoapnic       222.88.173.5
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      222.88.0.0 - 222.89.255.255
netname:      CHINATELECOM-HA
descr:        CHINANET henan province network
descr:        China Telecom
descr:        No.31,jingrong street
descr:        Beijing 100032
country:      CN
admin-c:      CH93-AP
tech-c:       HZ149-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CHINATELECOM-HA
mnt-routes:   MAINT-CHINATELECOM-HA
changed:      hm-changed@apnic.net 20040113
status:       ALLOCATED PORTABLE
source:       APNIC

person:       Chinanet Hostmaster
address:      No.31 ,jingrong street,beijing
address:      100032
country:      CN
phone:        +86-10-66027112
fax-no:       +86-10-58501144
e-mail:       hostmaster@ns.chinanet.cn.net
e-mail:       anti-spam@ns.chinanet.cn.net
nic-hdl:      CH93-AP
mnt-by:       MAINT-CHINANET
changed:      hostmaster@ns.chinanet.cn.net 20021016
remarks:      hostmaster is not for spam complaint,please send spam complaint to anti-spam@ns.chinanet.cn.net
source:       APNIC

person:       Hongbiao Zhang
nic-hdl:      HZ149-AP
e-mail:       ip@hntele.com
address:      97# Zhongyuan Street, Zhengzhou,Chinese
phone:        +86-371-5310007
fax-no:       +86-371-5310044
country:      CN
changed:      zhb@hntele.com 20030813
mnt-by:       MAINT-CHINATELECOM-HA
source:       APNIC





I also have tons of them.


--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                 -- Jack Kerouac, "On the Road"

Subject: More Port 1026 probes from China
Author: jayjwa    Posted: 2004-09-02 00:39:34    Length: 1,259 byte(s)
On 2004-09-01, Jose Maria Lopez Hernandez [jkerouac@bgsec.com] wrote:
QUOTE
Felix Tilley wrote:
Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026

country:      CN
changed:      zhb@hntele.com 20030813
mnt-by:       MAINT-CHINATELECOM-HA
source:       APNIC

I also have tons of them.

I believe it's a MS-Windows thing. I block any and all Chinanet IPs
and netblocks I come across. They account for a large portion of my
firewall logs. Kornet, Hinet, Harano, netvigator, and .21cn.com too.
In my experience they are mostly zombies, spam-proxies, botnets, and
compromised machines spewing tons of malware.

--
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
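
Added example, not code from any poster in this thread: one way to measure how much of a firewall log a given netblock accounts for, using the three log lines and the APNIC `inetnum` range quoted above. The function names are illustrative; the WHOIS range is converted to CIDR form and the log is tallied per destination service and per netblock.

```python
import ipaddress
import re
from collections import Counter

# Log lines and inetnum range copied from the first post in this thread.
LOG = """\
Aug 31 20:54:56 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:54:59 -0700 SRC=63.184.16.194 DST=63.184.113.12 PROTO=TCP SPT=4706 DPT=445
Aug 31 20:55:51 -0700 SRC=222.88.173.5 DST=63.184.113.12 PROTO=UDP SPT=31215 DPT=1026
"""
INETNUM = "222.88.0.0 - 222.89.255.255"

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_line(line):
    """Return the KEY=value fields of one log line, or None if unusable.

    Lines without a DPT field (e.g. ICMP) or with a malformed address
    are skipped rather than raising.
    """
    fields = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= fields.keys():
        return None
    try:
        fields["SRC"] = ipaddress.ip_address(fields["SRC"])
        fields["DPT"] = int(fields["DPT"])
    except ValueError:
        return None
    return fields

def inetnum_to_cidrs(inetnum):
    """Convert a WHOIS 'first - last' range into the minimal CIDR list."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def tally(log_text, netblocks):
    """Count hits per (protocol, destination port) and per netblock."""
    by_service, by_block = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_service[(rec["PROTO"], rec["DPT"])] += 1
        for net in netblocks:
            if rec["SRC"] in net:
                by_block[net] += 1
    return by_service, by_block

if __name__ == "__main__":
    services, blocks = tally(LOG, inetnum_to_cidrs(INETNUM))
    print(services.most_common(), blocks.most_common())
```
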

Copyright © 2007 UNIX Resources Network, All Rights Reserved.      About URN | Privacy & Legal | Help | Contact us
Powered by FreeBSD    webmaster: webmaster@unixresources.net
This page created on 2007-08-01 13:10:44, cost 0.048369884490967 ms.