Pořád mi někdo skenuje porty

[Slimák]

Ahoj. Potřeboval bych radu.

Už několikrát v přehledu Keria jsem našel, že někdo z IP adresy 62.24.64.132 mi skenuje porty a výsledek je permited, to znamená, že jde o nějakého potenciálního hackera?

Jak se proti tomu případně bránit?

Ta adresa patří podle Whois někomu z UPC Mistral.

[Petano]

moc pochybuju ze by to byl nejaky hacker ... proc by to delal? (nebo mas u sebe na pocitaci neco cennyho? )

S nejvetsi pravdepodobnosti ma ten clovek v pocitaci nejakyho cerva nebo trojskyho kone a nevi o nem

[Jaitni]

moc pochybuju ze by to byl nejaky hacker ... proc by to delal? (nebo mas u sebe na pocitaci neco cennyho? )

S nejvetsi pravdepodobnosti ma ten clovek v pocitaci nejakyho cerva nebo trojskyho kone a nevi o nem

No ja bych si tim nebyl tak jistej,podle me to bude jenom nakej zacatecnik (lamer) ,kterej chce vyzkouset nakej navod na hackovani...
Ale pokud mas firewall tak by to melo bejt v poho...melo by

[Jezevec]

Ses trochu paranoik coz ?

Pr: budu te chtit hacknout = udelam scan. Udelam ho 1x a to jeste tak, ze max 1port/minutu z ruznejch IP. To ti kerio nechyti (jeste pouziju ruzny stealth techniky kombinovany s normalnim connect). !x mi to staci, paac u zvidim, ze mas otevreny treba woknowsi porty => du hledat diru. ....

Staci ? Urcite te nebudu scanovat 20x z jedny IP jeste tak abys to videl. To udelam maximalne kdyz ti chci rict "bacha, ses mamlas, mas to otevreny, mel bys s tim neco delat".

[Anduril]

Mě to připadá normální...někdy mě taky někdo attackuje, i bráchu...takže pohoda...zatím se mi do PC nikdo nenaboural

[Slimák]

Já nejsem paranoik. Chtěl jsem jen zjistit o co jde, proto jsem se zeptal Jinak jsem zkoušel různý testy na www, a všechny porty jsem měl stealth.

Jinak ANO, mám na PC moc cenné informace.

Šlo mě hlavně o to, že jsem se zalekl, že Kerio napsalo Sna port permitted místo dropped.

Díky všem za info.

[Anduril]

Kód:

IP adresy:     62.24.64.0 - 62.24.71.255 
jméno sítě:   DATTELKABEL 
popis:   UPC Ceska republika, a.s.
Broadband Internet services in Prague 
země:   CZ 
admin-c:   MK23104-RIPE 
tech-c:   MK23104-RIPE 
tech-c:   MCR1-RIPE 
stav:   ASSIGNED PA (Provider Aggregatable) 
poznámky:   **********************************************
* In case of hack attacks, scans etc. please *
* send abuse notifications to: *
* abuse@mistral.cz *
**********************************************
* In case of spam please send abuse *
* notifications to: *
* spam@mistral.cz *
********************************************** 
upozorni:   ripe@mbox.dkm.cz 
spravuje:   DKI-MNT 
změnil:   dne 20. 8. 2003: hostmaster@mistral.cz 
zdroj:   RIPE

Když tak můžeš poslat mail na abuse@mistral.cz, že tě ta adresa hackuje ... mají to v té poznámce

[xbungie]

vubec by me neprekvapilo kdyby ten email byl presmerovan rovnou do trashe
ono to skenovani portu dost lidi dela nevedomky - maji proste nejaky virus - naprosto bezna situace v siti UPC..

[Fox!MURDER]

OMFG POMOOOOOC HACKERIIIIIII!
na jakej port ti to proboha leze ? a neleze to nahodou ze src portu 80 ?
ono totiz 62.24.64.132 je stroj na kerym bezi tohle forum.

btw. urcite nam poslete spoustu tech abuse reportu. uplne nejlepsi jsou takovy ve kterych je screenshot z visual traceroute a je tam zamerena krizkem praha ... opravdu super ...
btw. jesli se k necemu chces dobrat tak pastni kompletni zaznam z toho logu. ne jen ze se mi tam NECO objevilo a ono to acceptlo ...

[Jezevec]

Pridam jen maly priklad neci snahy:

Kód:

cat current
Aug 28 18:59:31 [sshd] Failed password for illegal user test from ::ffff:221.166.169.102 port 36134 ssh2
Aug 28 18:59:34 [sshd] Failed password for illegal user guest from ::ffff:221.166.169.102 port 36211 ssh2
Aug 28 18:59:37 [sshd] Failed password for illegal user admin from ::ffff:221.166.169.102 port 36287 ssh2
Aug 28 18:59:40 [sshd] Failed password for illegal user admin from ::ffff:221.166.169.102 port 36345 ssh2
Aug 28 18:59:43 [sshd] Failed password for illegal user user from ::ffff:221.166.169.102 port 36419 ssh2
Aug 28 18:59:46 [sshd] Failed password for root from ::ffff:221.166.169.102 port 36490 ssh2
Aug 28 18:59:49 [sshd] Failed password for root from ::ffff:221.166.169.102 port 36561 ssh2
Aug 28 18:59:52 [sshd] Failed password for root from ::ffff:221.166.169.102 port 36628 ssh2
Aug 28 18:59:55 [sshd] Failed password for illegal user test from ::ffff:221.166.169.102 port 36722 ssh2
Aug 29 02:54:35 [sshd] Failed password for illegal user test from ::ffff:61.150.43.123 port 34908 ssh2
Aug 29 02:54:41 [sshd] Failed password for illegal user guest from ::ffff:61.150.43.123 port 35015 ssh2
Aug 29 02:54:47 [sshd] Failed password for illegal user admin from ::ffff:61.150.43.123 port 35114 ssh2
Aug 29 02:54:53 [sshd] Failed password for illegal user admin from ::ffff:61.150.43.123 port 35207 ssh2
Aug 29 02:54:59 [sshd] Failed password for illegal user user from ::ffff:61.150.43.123 port 35311 ssh2
Aug 29 02:55:05 [sshd] Failed password for root from ::ffff:61.150.43.123 port 35419 ssh2
Aug 29 02:55:12 [sshd] Failed password for root from ::ffff:61.150.43.123 port 35520 ssh2
Aug 29 02:55:18 [sshd] Failed password for root from ::ffff:61.150.43.123 port 35609 ssh2
Aug 29 02:55:24 [sshd] Failed password for illegal user test from ::ffff:61.150.43.123 port 35692 ssh2
Aug 29 17:52:09 [sshd] Failed password for illegal user test from ::ffff:80.53.151.83 port 46158 ssh2
Aug 29 17:52:13 [sshd] Failed password for illegal user guest from ::ffff:80.53.151.83 port 46199 ssh2
Aug 30 23:23:56 [sshd] Failed password for illegal user test from ::ffff:140.117.240.109 port 38097 ssh2
Aug 30 23:23:59 [sshd] Failed password for illegal user guest from ::ffff:140.117.240.109 port 38168 ssh2
Aug 30 23:24:02 [sshd] Failed password for illegal user admin from ::ffff:140.117.240.109 port 38229 ssh2
Aug 30 23:24:08 [sshd] Failed password for illegal user admin from ::ffff:140.117.240.109 port 38292 ssh2
Aug 30 23:24:11 [sshd] Failed password for illegal user user from ::ffff:140.117.240.109 port 38411 ssh2
Aug 30 23:24:14 [sshd] Failed password for root from ::ffff:140.117.240.109 port 38468 ssh2
Aug 30 23:24:17 [sshd] Failed password for root from ::ffff:140.117.240.109 port 38527 ssh2
Aug 30 23:24:21 [sshd] Failed password for root from ::ffff:140.117.240.109 port 38605 ssh2
Aug 30 23:24:24 [sshd] Failed password for illegal user test from ::ffff:140.117.240.109 port 38674 ssh2
Aug 31 08:33:33 [sshd] Failed password for illegal user test from ::ffff:211.221.246.28 port 58378 ssh2
Aug 31 08:33:36 [sshd] Failed password for illegal user guest from ::ffff:211.221.246.28 port 58478 ssh2
Aug 31 08:33:39 [sshd] Failed password for illegal user admin from ::ffff:211.221.246.28 port 58561 ssh2
Aug 31 08:33:42 [sshd] Failed password for illegal user admin from ::ffff:211.221.246.28 port 58637 ssh2
Aug 31 08:33:45 [sshd] Failed password for illegal user user from ::ffff:211.221.246.28 port 58716 ssh2
Aug 31 08:33:49 [sshd] Failed password for root from ::ffff:211.221.246.28 port 58797 ssh2
Aug 31 08:33:52 [sshd] Failed password for root from ::ffff:211.221.246.28 port 58888 ssh2
Aug 31 08:33:55 [sshd] Failed password for root from ::ffff:211.221.246.28 port 58994 ssh2
Aug 31 08:33:58 [sshd] Failed password for illegal user test from ::ffff:211.221.246.28 port 59089 ssh2
Sep  2 01:17:44 [sshd] Failed password for illegal user test from ::ffff:62.50.74.178 port 59195 ssh2
Sep  2 01:17:45 [sshd] Failed password for illegal user guest from ::ffff:62.50.74.178 port 59273 ssh2
Sep  2 01:17:45 [sshd] Failed password for illegal user admin from ::ffff:62.50.74.178 port 59320 ssh2
Sep  2 01:17:46 [sshd] Failed password for illegal user admin from ::ffff:62.50.74.178 port 59368 ssh2
Sep  2 01:17:47 [sshd] Failed password for illegal user user from ::ffff:62.50.74.178 port 59407 ssh2
Sep  2 01:17:48 [sshd] Failed password for root from ::ffff:62.50.74.178 port 59445 ssh2
Sep  2 01:17:49 [sshd] Failed password for root from ::ffff:62.50.74.178 port 59495 ssh2
Sep  2 01:17:49 [sshd] Failed password for root from ::ffff:62.50.74.178 port 59540 ssh2
Sep  2 01:17:50 [sshd] Failed password for illegal user test from ::ffff:62.50.74.178 port 59584 ssh2
Sep  2 02:47:31 [sshd] Failed password for illegal user test from ::ffff:70.240.3.131 port 58575 ssh2
Sep  2 02:47:32 [sshd] Failed password for illegal user guest from ::ffff:70.240.3.131 port 58632 ssh2
Sep  2 02:47:34 [sshd] Failed password for illegal user admin from ::ffff:70.240.3.131 port 58690 ssh2
Sep  2 02:47:35 [sshd] Failed password for illegal user admin from ::ffff:70.240.3.131 port 58747 ssh2
Sep  2 02:47:37 [sshd] Failed password for illegal user user from ::ffff:70.240.3.131 port 58806 ssh2
Sep  2 02:47:38 [sshd] Failed password for root from ::ffff:70.240.3.131 port 58872 ssh2
Sep  2 02:47:40 [sshd] Failed password for root from ::ffff:70.240.3.131 port 58932 ssh2
Sep  2 02:47:42 [sshd] Failed password for root from ::ffff:70.240.3.131 port 59004 ssh2
Sep  2 02:47:43 [sshd] Failed password for illegal user test from ::ffff:70.240.3.131 port 59080 ssh2

[Skodik]

No me treba nedavno skenoval porty www4.cpress.cz

[hwsoft]

Ses trochu paranoik coz ?

Tohle i znas co?

Jsem paranoidni, ale jsem paranoidni dost?
Zrovna nedavno mi jeden novy uzivatel, co dostal konto rikal, jestli to myslim vazne , ze nema ani ssh .

[jj]

OMFG POMOOOOOC HACKERIIIIIII!
na jakej port ti to proboha leze ? a neleze to nahodou ze src portu 80 ?
ono totiz 62.24.64.132 je stroj na kerym bezi tohle forum.

no prave, uz sa to riesilo aj na pct, nejde o skenovanie portov, proste phpBB nieco robi a kerio na to reaguje ako port scan