Jump to content

yhmmm.. someone thinks they are 1337 around here....


Recommended Posts

Posted

dunno who this is but this is retarded (it's freaking anonymous!)

Also, I would like to add that obviously AlFTP shows the ip addy for whoever is trying to connect.

:

! 202.106.53.50 connected

< 202.106.53.50 USER backup

> 202.106.53.50 331 Password required for backup.

(the rest omitted for redundancy)

To top it off, this happened over about 15 seconds, not slow enough for a person to type in.

And just using tracert found that whoever it was is in the seattle wa district on comcast...

heh, probably a spoofed ip anyway, but would someone that smart do this?

I am investigating...

Posted

I copy pasted it. actually that was wrong (the tracert results.)

here is what tracert gives me.

tracert.jpg

and here's what I have from net tools so far..

nettools.jpg

Posted

202.106.0.0 - 202.106.255.255

CNCGROUP Beijing province network

China Network Communications Group Corporation

No.156,Fu-Xing-Men-Nei Street,

Beijing 100031

CNCGroup Hostmaster

abuse@cnc-noc.net

No.156,Fu-Xing-Men-Nei Street,

Beijing,100031,P.R.China

+86-10-82993155

+86-10-82993102

sun ying

fu xing men nei da jie 97, Xicheng District

Beijing 100800

+86-10-66030657

+86-10-66078815

suny@publicf.bta.net.cn

Posted

Thanx sparda! Now I know the chinese gov. really is after me! j/k...

yah... prolly just a script... (why didnt I get that memo?!)

CNCGroup is into system outsourcing.

Also seems on alot of forums to be getting attention because of spamming servers, etc coming from that group. Now I am not that leet, but is this something I should consult my ip on? I mean they run local blacklists dont they?

(im on ATNT formerly bellsouth)

I know the Internet has been lacking lately for my connection, and this seemes to be something that would connect in the equation.

Posted

Our servers are constantly being bombarded by chinese and russians...,

It's annoying,... especially when they discover the email that generates support tickets..., thank god for white/graylisting

Posted
202.106.0.0 - 202.106.255.255

CNCGROUP Beijing province network

China Network Communications Group Corporation

No.156,Fu-Xing-Men-Nei Street,

Beijing 100031

CNCGroup Hostmaster

abuse@cnc-noc.net

No.156,Fu-Xing-Men-Nei Street,

Beijing,100031,P.R.China

+86-10-82993155

+86-10-82993102

sun ying

fu xing men nei da jie 97, Xicheng District

Beijing 100800

+86-10-66030657

+86-10-66078815

suny@publicf.bta.net.cn

i got taht too, just didnt post it, thought he did a WHOIS, hmm..

jw, whats the rule again? they can hack us and we can do nothing but we hack them and they scream for blood? (i dont mean hack the FBI or anyhting just like target, and mess with it, yet we a hit a site of theirs and they want blood)

Posted

interesting:

Starting Nmap 4.62 ( http://nmap.org ) at 2009-02-25 13:39 CET

Insufficient responses for TCP sequencing (2), OS detection may be less accurate

Interesting ports on 202.106.53.50:

Not shown: 1697 closed ports

PORT STATE SERVICE VERSION

23/tcp open telnet?

25/tcp filtered smtp

80/tcp filtered http

81/tcp open hosts2-ns?

110/tcp filtered pop3

135/tcp filtered msrpc

137/tcp filtered netbios-ns

138/tcp filtered netbios-dgm

139/tcp filtered netbios-ssn

445/tcp filtered microsoft-ds

593/tcp filtered http-rpc-epmap

4444/tcp filtered krb524

7070/tcp open http Apache httpd 2.0.52 ((Red Hat))

8080/tcp filtered http-proxy

12345/tcp filtered netbus

12346/tcp filtered netbus

27374/tcp filtered subseven

31337/tcp filtered Elite

an apache test page on port 7070 : http://202.106.53.50:7070/

also if you search google for this ip, you get alot of hosts.deny files

but also a file called botnet.txt : http://robert.kolatzek.org/botnet.txt

and look at this: http://202.106.53.50:81/

Posted

I've never seen a internet connected machine not be subject to these types of attack tbh, and its the reason why things like denyhosts exists. Its a constant war, not a conspiracy. Chinese hackers spend most of there days scanning large blocks of IP's and attempting to bruteforce any listening service they can find. TBH its gone so far and has so many levels of automatation its starting to turn into some kinda distrubuted AI.

Posted
TBH its gone so far and has so many levels of automatation its starting to turn into some kinda distrubuted AI.

i hear you on that one. I get the same spammer tryign to reach my site at the same time every day. its automated, and comes from the same IP, even though now they get a 403 forbidden, they dont; care, cause its automated, and they probably never even check to see if its working. Almost ALL the spam and hack attempts I see on my site and home machine stem from china, and russia.

Posted

When I had my last server, the IP Address would get several hits from the same IP Addresses in China, the Philipeans and Russia and it looked like port scans, you'd think after they had done a port scan and found there wasnt anything of interest, they would give up on the server and stop scanning it/remove it from the script.

Posted

....yah, but when you have like 14mbps or higher, I guess they would'nt care... Why does china do shit like this anyway? I mean hell we got hackers trying to give them freedom of speech.

LAME...

seems like stuff like this will go on forever.. Remember the first time you ever used zonealarm? First time I used it I found AOL hitting me like there was no tomorrow.

  • 9 months later...
Posted

As soon as i setup my new forums, I had russians trying to hack them. I just say put the ban hammer down, Ban every IP trying to attack your server. Like dr0p said it is probuly some script kiddy using a program to scan for exploits on large ip blocks, you just happned to get scaned or maybe the program worked and found an exploit

Posted

Man this was a good while ago... Funny to think what I know now compared to then (which was only 10 months ago) This was only a temporary FTP I put up to distribute some files though, so no harm, no foul. Since then I have put more ummph into my firewall anyways.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...