Menu
What's new
By:
Filters
Better Search

China Cyberspace Attack

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

Chrish

New Around Here
I'm not happy about this... Is there any way to get this person/company in trouble? It's obvious that their trying to hack into whatever they can.

My router logs have been showing an attempt to hack my wireless router.

INFO] Tue Oct 28 21:47:27 2008 Blocked incoming TCP connection request from 222.180.37.14:12200 to 76.109.89.52:6081
[INFO] Tue Oct 28 21:47:27 2008 Blocked incoming TCP connection request from 222.180.37.14:12200 to 76.109.89.52:8000

I tried to RDP into the remote and a windows server login prompt came up.

I've attached the screenshot.
 

Attachments

  • hack.jpg
    hack.jpg
    10.9 KB · Views: 406
Take it easy. It happens all the time, 24/7. It is not about China - the attempts come from all over the world. And in some cases these are computers - zombies, their owners even do not know they have trojans working and used to break in to other computers.

Make sure you have as less as possible open ports and strong passwords on the router and all computers/NASes inside the network. I would also recommend disabling UPnP on the router.

You could also use whois on the IP and find out who the domain owner is, then write an e-mail to him, asking to do smth - do not bother, I have tried. no answer. May be if you phone them, they would do smth.

I also noted that these attacks usually happen when you use bit torrent, or similar. This is the way they get your IP as potential target.
________
Sexy girls
 
Last edited:
Probably not the most legal, but I used to have an "agreement" on my RDP and FTP that basically said, "if you try to log in here you give me permission to do the same to you".

Just for fun sometimes I'd RDP or \\IP\c$ to the offending IP... it was amazing how many were blank passwords, easy passwords, or would drop you right in... sometimes they were servers and the actual hacking software would be running in the background. Some I'm guessing were zombies, I would hope hackers wouldn't be dumb enough to leave their passwords blank while trying to hack others.

In any case, that's what your router is for, don't worry about it... chasing every little access attempt while drive you insane, just make sure things are secure and forget about it... You can also shut off ICMP so port scans looking only for active clients will bypass you...
 
Last edited:
You must log in or register to reply here.

Similar threads

J
Skynet Skynet - Blocked outbounds coming from the router itself?
Replies
12
Views
340
JuanGF
J
N
Suspicious Activity?
Replies
6
Views
1K
L&LD
L&LD
J
AX86U constantly blocking repeated inbound connections
Replies
7
Views
1K
Tech9
Tech9
Yiannis
Skynet Help me understand Skynet's outbound blocked connection
Replies
6
Views
1K
Yiannis
Yiannis
B
Dynamic IP not refreshing, mistakes were made, related?
Replies
1
Views
680
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
sfx2000 News SSID Confusion attack, tracked as CVE-2023-52424 General Network Security 2
PR3MIUM 5Ghoul Attack (5G modems from Qualcomm and MediaTek) General Network Security 0
P News Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack General Network Security 15
L&LD Cisco under attack, again. General Network Security 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 626 (members: 37, guests: 589)
Top