AR15.COM
4/25/2005 4:34:25 PM EDT
I have had every possible port scanned and entry attempted today....in 10 hours or so, that is now approaching 9000 attempts.

I traced this to the Boston area...but there is no ISP, phone number...and there's a good chance this attack is simply running through Boston as opposed to actually occurring there.

With an IP address, what else can I do?

Since I've been typing this, there have been 12 more attempts. I've put a block on the IP address, so I don't believe they've been successful...but this is really getting annoying.

Is there a way I can stick it to them? I contacted my ISP, but their "solution" started and stopped with a "Do not reply to this email" email....telling me they'd see what they can do. That was this morning. 3000+ attempts later, nothing.
4/25/2005 4:35:45 PM EDT
[#1]
Switch to Mozilla Firefox.
4/25/2005 4:36:11 PM EDT
[#2]
IM me the IP address, I'll see if I can dig up any useful information for you.
4/25/2005 4:37:48 PM EDT
[#3]
IM it to me and I can see what I can do. Two searchers are better than one.

ICQ below or regular ARFCOM IM.
4/25/2005 4:38:04 PM EDT
[#4]
Better yet, post the IP so we all can play
4/25/2005 4:38:25 PM EDT
[#5]
Check out one of these programs, find out the ISP of the number, and give 'em a call.

here
4/25/2005 4:42:06 PM EDT
[#6]
69.45.79.136

4/25/2005 4:42:59 PM EDT
[#7]
Are they coming from the same IP block?
Are you null routing IPs as they attempt to port scan you?

arin.net/
Use ARIN to lookup who the IP space belongs to. Email the block owner or null route the whole block if enough attempts from the same IP space warrant it.

GET A LIVE PERSON ON THE PHONE FROM YOUR ISP. If they aren't handling this like it's important to them, then I would seriously suggest moving ISPs.
4/25/2005 4:46:16 PM EDT
[#8]
Search results for: 69.45.79.136

Williams Communications, Incorporated WCG-BLK-4 (NET-69-44-0-0-1)
                                 69.44.0.0 - 69.45.255.255
Akamai Technologies, Inc. WLCO-TWC02115509-AKAMAI-TECH-MIAMI (NET-69-45-79-0-1)
                                 69.45.79.0 - 69.45.79.255

# ARIN WHOIS database, last updated 2005-04-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


4/25/2005 4:49:48 PM EDT
[#9]
Muscatine Power and Water?

There's an Iowa utilities worker/hacker? Doesn't seem to make sense.
4/25/2005 4:52:58 PM EDT
[#10]

Quoted:
Muscatine Power and Water?

There's an Iowa utilities worker/hacker? Doesn't seem to make sense.



Most likely a machine that has been compromised and is now a "zombie" machine, used to DoS, portscan, etc.
4/25/2005 4:54:19 PM EDT
[#11]

Quoted:
69.45.79.136

Search results for: 69.49.79.136


OrgName:    Muscatine Power and Water



It only works when you search for the right IP Address.
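
The lookup discussed in replies #7, #8 and #11, as an added example that is not part of any poster's message: it parses the ARIN summary text posted in reply #8, refuses to continue if the queried address differs from the logged one (the mix-up pointed out in reply #11), and returns the most specific registered owner plus the CIDR block to report or filter. Function and variable names are illustrative assumptions.

```python
import ipaddress
import re

# WHOIS summary text as posted in reply #8 of this thread.
WHOIS_TEXT = """\
Search results for: 69.45.79.136

Williams Communications, Incorporated WCG-BLK-4 (NET-69-44-0-0-1)
                                 69.44.0.0 - 69.45.255.255
Akamai Technologies, Inc. WLCO-TWC02115509-AKAMAI-TECH-MIAMI (NET-69-45-79-0-1)
                                 69.45.79.0 - 69.45.79.255
"""

RANGE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)\s*$")
QUERY_RE = re.compile(r"^Search results for:\s*(\S+)")
HANDLE_RE = re.compile(r"^(.*?)\s+(\S+)\s+\((NET-[\d-]+)\)\s*$")


def parse_whois_summary(text):
    """Return (queried_ip, [(org, net_handle, first, last), ...])."""
    queried, nets, pending = None, [], None
    for line in text.splitlines():
        if m := QUERY_RE.match(line):
            queried = ipaddress.ip_address(m.group(1))
        elif m := HANDLE_RE.match(line):
            pending = (m.group(1), m.group(3))  # org name, NET handle
        elif (m := RANGE_RE.match(line)) and pending:
            first, last = map(ipaddress.ip_address, m.groups())
            nets.append((*pending, first, last))
            pending = None
    return queried, nets


def most_specific_owner(logged_ip, text):
    """Smallest registered range containing logged_ip, as (org, handle, cidrs)."""
    ip = ipaddress.ip_address(logged_ip)
    queried, nets = parse_whois_summary(text)
    if queried != ip:  # WHOIS was run for a different address than the log shows
        raise ValueError(f"WHOIS was run for {queried}, but the log shows {ip}")
    covering = [n for n in nets if n[2] <= ip <= n[3]]
    if not covering:
        raise LookupError(f"no listed range contains {ip}")
    org, handle, first, last = min(covering, key=lambda n: int(n[3]) - int(n[2]))
    cidrs = [str(c) for c in ipaddress.summarize_address_range(first, last)]
    return org, handle, cidrs
```
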
4/25/2005 4:57:37 PM EDT
[#12]

Quoted:

Quoted:
69.45.79.136

Search results for: 69.49.79.136


OrgName:    Muscatine Power and Water



It only works when you search for the right IP Address.



My bad...I copied it wrong and corrected it. The one in red is the one, as you're probably aware.
4/25/2005 5:03:32 PM EDT
[#13]

Quoted:

Quoted:

Quoted:
69.45.79.136

Search results for: 69.49.79.136


OrgName:    Muscatine Power and Water



It only works when you search for the right IP Address.



My bad...I copied it wrong and corrected it. The one in red is the one, as you're probably aware.



They are both the same.
4/25/2005 6:18:05 PM EDT
[#14]
M4,

How are you seeing this attack?  Is your PC's firewall seeing it or do you have some sort of hardware router/firewall between you and the internet?

If you have a hardware firewall, you can tell it not to respond to port scans or any other ICMP traffic from outside.  This is an easy way to black hole yourself from port scans and such.

Like some others have said, chances are, some machine has been 'zombied' and is scanning yours and many other addresses.  Let the ISP know, as they can alert the customer and maybe fix it.

Keep us posted.

4/25/2005 7:18:08 PM EDT
[#15]
Name:       NOC
Handle:     NOC1696-ARIN
Company:    Akamai Technologies, Inc.
Address:    8 Cambridge Center
City:       Cambridge
StateProv:  MA
PostalCode: 02142
Country:    US
Comment:    
RegDate:    2004-12-08
Updated:    2004-12-08
Phone:      +1-617-444-3007  (Office)
Email:      ***@akamai.com
4/25/2005 7:31:17 PM EDT
[#16]
Nuke the entire site from orbit.  It's the only way to be sure...
4/25/2005 7:33:22 PM EDT
[#17]
How do you tell if someone is trying to hack your computer like that?
4/25/2005 7:38:21 PM EDT
[#18]

Quoted:

Quoted:
Muscatine Power and Water?

There's an Iowa utilities worker/hacker? Doesn't seem to make sense.



Most likely a machine that has been compromised and is now a "zombie" machine, used to DoS, portscan, etc.

+1