China running port scans on my firewall

Discussion in 'Networking & Security' started by Motley, Sep 27, 2008.

  1. Motley

    Motley 2[H]4U

    Messages:
    2,452
    Joined:
    Mar 29, 2005
    Geeez, was looking at my firewall logs, and I'm constantly being hit by ip's located in China. WTF, all these hackers!

    Of course it's blocking all these requests, be holy cow thats ridiculous. Lots of baddies out there!
     
  2. NetJunkie

    NetJunkie [H]ardForum Junkie

    Messages:
    9,683
    Joined:
    Mar 16, 2001
    At a position I used to have we filtered all IPs from China and Asia to our production public systems.
     
  3. Motley

    Motley 2[H]4U

    Messages:
    2,452
    Joined:
    Mar 29, 2005
    That's a great idea. But sad to see how many successful hacks they get from poor unsuspecting users out there. I know some businesses don't even have firewalls.
     
  4. w1retap

    w1retap [H]ardForum Junkie

    Messages:
    11,871
    Joined:
    Jul 17, 2006
    heh, you should see how many hack attempts and hits the government agencies get from China. It's astounding. In this day and age, no matter who you are or what OS you're running, it's best to run a good quality hardware firewall.
     
  5. Cheetoz

    Cheetoz [H]ard|Gawd

    Messages:
    1,972
    Joined:
    Mar 3, 2003
    attempted email relays are twice as fun
     
  6. Arch

    Arch Gawd

    Messages:
    822
    Joined:
    Mar 9, 2000
    Welcome to the Internet. Everyone's machine gets hit with the same crap.
     
  7. The Spyder

    The Spyder 2[H]4U

    Messages:
    2,628
    Joined:
    Jun 18, 2002
    Does anyone have a IP list of asia/china countries so I can add them to my block list? We are getting hit hard at work.
     
  8. Rabidfox

    Rabidfox Limp Gawd

    Messages:
    282
    Joined:
    Oct 6, 2005
  9. XOR != OR

    XOR != OR [H]ardForum Junkie

    Messages:
    11,549
    Joined:
    Jun 17, 2003
  10. Dallows

    Dallows [H]ardness Supreme

    Messages:
    6,816
    Joined:
    Jun 18, 2004
    You know what's interesting. I just checked my router logs and I've got a lot of OUTGOING ICMP packets blocked.

    Might be from utorrent.
     
  11. Eva_Unit_0

    Eva_Unit_0 [H]ard|Gawd

    Messages:
    1,991
    Joined:
    Jun 1, 2005
    welcome to the club. This is the reason why I don't run ssh on the default port (22). I end up with endless pages of failed logins in my logs if I do. Arbitrary ports ftw!

    There are tools that can help with this (like fail2ban) but it's still a pain in the butt no matter what. I just use strict iptables rules and I don't have many issues with it anymore.
     
  12. Sharaz Jek

    Sharaz Jek Gawd

    Messages:
    647
    Joined:
    Jul 19, 2000
    i just block any ports that would use a privileged login, and require VPN connection to get to everything.