Tech Support Forum - View Single Post - Port scans causing denial of service [moved from General Security}

johnhook · 04-27-2008, 01:21 PM

Blockhead,

Hopefully I'm not going to get in trouble for replying to this. I don't believe it falls into Malware.

The good news is that you've got decent firewall software that's detecting and blocking these attacks. The bad news is that they keep happening.

I've run into these attacks many times myself. I was using Norton Internet Security at the time.

The first thing you want to do is permanently BLOCK the offending IP addresses in your firewall software's configuration. This will prevent these IP's from having ANY access to your PC. Secondly, if you feel like reporting these attacks, you do a reverse lookup of the offending IP addresses, locate their ISP and send an email to that ISP including the date/time of the attack, the IP address in question, and a log or description of the message from your firewall software.

To track down the user or ISP from the IP address, go to:

http://www.arin.net/whois/

Type in the IP and you'll get a detailed listing of the ISP, domain, location.etc.

That first address in your post, 62.30.0.39 is from an organization in Amsterdam called "Ripe NNC". You can go to their site at: http://www.ripe.net/

If you want to report the port scan attack, click on Contact Us and email the appropriate address. You can also lookup a domain name on:

http://www.networksolutions.com/whois/index.jsp

type in the domain name (i.e. ripe.net) and you'll get detailed information about the domain name owner, administrative and technical contacts, etc.

From there, you can email the appropriate person at this company with your complaint.

Unfortunately, I've found that MOST of this attacks come from overseas (especially Korea - for some reason). In these cases, don't expect a repsonse to your emails as the recipent likely doesn't speak english.

Hope this helps and hope I'm not breaking any rules with this advice.

- John

04-27-2008, 01:21 PM	#2 (permalink)
johnhook Tech Hardware Team Join Date: Apr 2008 Posts: 810 OS: MS SBS 2003 SP2	Re: Port scans causing denial of service Blockhead, Hopefully I'm not going to get in trouble for replying to this. I don't believe it falls into Malware. The good news is that you've got decent firewall software that's detecting and blocking these attacks. The bad news is that they keep happening. I've run into these attacks many times myself. I was using Norton Internet Security at the time. The first thing you want to do is permanently BLOCK the offending IP addresses in your firewall software's configuration. This will prevent these IP's from having ANY access to your PC. Secondly, if you feel like reporting these attacks, you do a reverse lookup of the offending IP addresses, locate their ISP and send an email to that ISP including the date/time of the attack, the IP address in question, and a log or description of the message from your firewall software. To track down the user or ISP from the IP address, go to: http://www.arin.net/whois/ Type in the IP and you'll get a detailed listing of the ISP, domain, location.etc. That first address in your post, 62.30.0.39 is from an organization in Amsterdam called "Ripe NNC". You can go to their site at: http://www.ripe.net/ If you want to report the port scan attack, click on Contact Us and email the appropriate address. You can also lookup a domain name on: http://www.networksolutions.com/whois/index.jsp type in the domain name (i.e. ripe.net) and you'll get detailed information about the domain name owner, administrative and technical contacts, etc. From there, you can email the appropriate person at this company with your complaint. Unfortunately, I've found that MOST of this attacks come from overseas (especially Korea - for some reason). In these cases, don't expect a repsonse to your emails as the recipent likely doesn't speak english. Hope this helps and hope I'm not breaking any rules with this advice. - John