Am I Paranoid Or Should I Be Concerned

[handplane]

If this is in the wrong forum please move to the correct one.

For months China has been scanning me from various ISP's.

Today I want to take a stand if possible.

ISP 60.11.125.36 has been scanning UDP ports 1026,1031,4297 and 1030 all day:

5:49 am

6:36

7:32

8:32

9:31

10:29

12:22pm

1:23

4:11

6:09

7:06

Do I have to put up with this harassment or is there something I can do to stop them?

Below you will see the results of a Sam Spade search on the ISP.

whoisWhois:

@whois. MagicNetworkSolutions.comCRSNIC.netARIN.netRIPE.netAPNIC.netLACNIC.netEDUcause.n

etPIR.orgnic.MILAUnic.net

Server Used: [ whois.apnic.net ]

60.11.125.36 = [ ]

inetnum: 60.11.0.0 - 60.11.255.255

netname: CNCGROUP-HL

descr: CNCGROUP Heilongjiang Province Network

descr: China Network Communications Group Corporation

descr: No.156 Fu-Xing-Men-Nei Street

descr: Beijing 100031

country: CN

admin-c: CH444-AP

tech-c: BG63-AP

status: ALLOCATED PORTABLE

mnt-by: APNIC-HM

mnt-lower: MAINT-CNCGROUP-HL

mnt-routes: MAINT-CNCGROUP-RR

changed: [email protected] 20041231

changed: [email protected] 20050218

source: APNIC

route: 60.11.0.0/16

descr: CNC Group CHINA169 Heilongjiang Province Network

country: CN

origin: AS4837

mnt-by: MAINT-CNCGROUP-RR

changed: [email protected] 20060118

source: APNIC

person: CNCGroup Hostmaster

nic-hdl: CH444-AP

e-mail: [email protected]

address: No.156 Fu-Xing-Men-Nei Street

address: Beijing 100031 P.R.China

phone: 86-10-82993155

fax-no: 86-10-82993144

country: CN

changed: [email protected] 20041220

mnt-by: MAINT-CNCGROUP

source: APNIC

person: Binghui Gao

nic-hdl: BG63-AP

e-mail: [email protected]

address: Communication Corporation Internet Enterprise Division of HLJ

phone: 86-451-2804465

fax-no: 86-451-2804442

country: CN

changed: [email protected] 20030221

mnt-by: MAINT-CNCGROUP-HL

source: APNIC

[gargriff49]

your not by chance running an IBM machine with auto-updates on are ya?

Probably mail spammer

Edited February 13, 2006 by gargriff49

[handplane]

Windows Xp Pro with SP2.

[isteve]

Being a Mac user I'm not all the familiar with malware but check you system for spyware. I remember the CNC Group from china was a big source of spam a few years ago.

[handplane]

After Ad-Aware's Update on 2/8/06 a scan found 3 baddies.

Ran smitRem.exe and Panda ActiveScan and was clean.

Was wondering if the problem i got was from the Chinese.

[jcl]

I remember the CNC Group from china was a big source of spam a few years ago.

No doubt. ~115 million customers, ~10 million with broadband, lots of business customers, bound to be spammers and h4x0rs.

Edited February 13, 2006 by jcl

[hitest]

I agree with jcl, handplane, there are indeed bad people out there.

Just keep your XP box fully patched with all of the latest windows security updates, keep your anti-virus updated and scan your unit for malware and virii on a regular basis.

Do you have a firewall on your computer, handplane?

[rhema7]

After Ad-Aware's Update on 2/8/06 a scan found 3 baddies.

Ran smitRem.exe and Panda ActiveScan and was clean.

Was wondering if the problem i got was from the Chinese.

I find that Ewido does a better scan for me I have not really trust adaware in some time now.

[handplane]

I agree with jcl, handplane, there are indeed bad people out there.

Just keep your XP box fully patched with all of the latest windows security updates, keep your anti-virus updated and scan your unit for malware and virii on a regular basis.

Do you have a firewall on your computer, handplane?

Yes, I try to run a tight ship.

Run Sygate and it's up to date.

Also have and they are all up to date also:

a²

SpyBot

Spywareblaster

AVG

[JSKY]

I also discovered in the past week, Using Netscape`s newest build 8.1. That it has a fantastic Spyware scanner built into it's new Security Center.

You need to have the browser up and running to run the spyware scan. But after an incident this last week. I have started using it on a full time bases along with all my other scans. It found some things all the others missed.

Just something you might consider trying.

[JDoors]

By saying you know who & where I assume you're looking at a Firewall log. The firewall is stopping the attempts so you don't need to worry about it. Especially since you've scanned your system and cleaned it (presumably).

That computer in China may be infected, or it may be a spammer, or it may be some moron trying to get in. Whatever the reason, your firewall's stopping it. In my experience it will stop soon (probably when the kid's parent finds out what they've been up to, or when they realize they've never received a response from your system due to your firewall blocking them -- they'll just change the addresses they're probing and it'll be someone else's problem).

[Mainter]

Abuse address(es) for 60.11.125.36

Generated by www.DNSstuff.com

Location: China [City: Heilongjiang, Heilongjiang]

Looking up 60.11.125.36 at whois.abuse.net.

Above are the results from www.abuse.net, and are the E-mail address(es) that abuse complaints should be sent to.

[TheTerrorist_75]

Abuse address(es) for 60.11.125.36

Generated by www.DNSstuff.com

Location: China [City: Heilongjiang, Heilongjiang]

Looking up 60.11.125.36 at whois.abuse.net.

Above are the results from www.abuse.net, and are the E-mail address(es) that abuse complaints should be sent to.

That's listed above in his post. Complaining to a ISP in China with only get a behind the scene smirk from those owning it.

[handplane]

That's listed above in his post. Complaining to a ISP in China with only get a behind the scene smirk from those owning it.

TT,

I agree and why provide them with an email address to bomb me with spam.

[Makai]

By saying you know who & where I assume you're looking at a Firewall log. The firewall is stopping the attempts so you don't need to worry about it. Especially since you've scanned your system and cleaned it (presumably).

That computer in China may be infected, or it may be a spammer, or it may be some moron trying to get in. Whatever the reason, your firewall's stopping it. In my experience it will stop soon (probably when the kid's parent finds out what they've been up to, or when they realize they've never received a response from your system due to your firewall blocking them -- they'll just change the addresses they're probing and it'll be someone else's problem).

That's my thoughts too. Every once in a while some idiot starts pinging me repeatedly. It's annoying, but Sygate is blocking them so it's nothing more than an annoyance.

[hitest]

I agree with jcl, handplane, there are indeed bad people out there.

Just keep your XP box fully patched with all of the latest windows security updates, keep your anti-virus updated and scan your unit for malware and virii on a regular basis.

Do you have a firewall on your computer, handplane?

Yes, I try to run a tight ship.

Run Sygate and it's up to date.

Also have and they are all up to date also:

a²

SpyBot

Spywareblaster

AVG

It sounds to me like you're in good shape. Software firewalls are very good. You may also wish to consider a hardware firewall solution, a NAT router can also help to protect you from hackers. I run an inexpensive router on my home LAN, it is one more thing between you and the Internet.

No solution is perfect, but, it sounds like you're taking good precautions to keep out the script kiddies and hackers.

[Chappy]

Yah...it's a constant barrage from them these days handplane, but your firewall is doing it's job and you have nothing to worry about.

I find they come in groups, I get barraged for a week or so and then nothing for awhile, then boom....here they go again. There are tons of hackers in China that are searching for any computer they can take over, and use to circumvent the archaic Internet laws the governments impose on them.