have an interesting situation here

Postby DAMIEN1307 » Sat Oct 28, 2017 6:00 am

hi guys ...hope you can add to my knowledge base here...checked my NAT firewall/router activity and found the following

"SYN with Data from IP 210.44.14.14 port 51927 to IP 69.128.xxx.xxx port 1433 dr"...this has been found in the firewall section of my router firewall as being blocked 2 times now over the past 4 days...gufw is also active on all my systems as Public and Deny all incoming traffic...all computer systems here are running linux based computer systems LM 18.2 cinn. and peppermint 8, all updates applied, and both browsers are slimjet and opera with all up to date using StartPage as the search engine in both

when i traced the IP, i got the following

ISP: Shandong Normal University
Usage Type: University/College/School
Domain Name: sdnu.edu.cn
Country: China
City: Jinan, Shandong

this IP address is listed on the "Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed"

i am assuming that this is a port probe that has been blocked by the NAT firewall...there is no log in the gufw so i assume the NAT took care of this...why would the chinese be interested in me...DAMIEN
Last edited by DAMIEN1307 on Sat Oct 28, 2017 7:29 am, edited 2 times in total.

Re: have an interesting situation here

Postby catweazel » Sat Oct 28, 2017 6:21 am

DAMIEN1307 wrote: why would the chinese be interested in me...

hax0ring.
If your problem is fixed, please mark your thread as [SOLVED] by editing the title of the first message in the thread.

Re: have an interesting situation here

Postby DAMIEN1307 » Sat Oct 28, 2017 7:34 am

hi catweazel...i kind of thought it was a feeble attempt to hack port 1433 due to the fact that this port as well as its sister port 1434 is normally used by the Microsoft SQL server...last i thought, wasn't this port probe a "worm" type of attack for dropping off the "snake" worm type of malware?...i seem to remember there was something called the "SQL SNAKE" that was used in these types of attacks that, if successful, would allow the miscreant to take over administrative rights of an infected system through a penetration of port 1433 and its sister Microsoft SQL server port 1434 on non-stealthed systems, let alone even trying that on a linux based system...just another good reason to those who think running in root is just fine because it's a single user system as i hear them say "don't nanny me i know what i'm doing" lol...DAMIEN

Re: have an interesting situation here

Postby catweazel » Sat Oct 28, 2017 8:07 am

They wouldn't have been targeting you specifically, rather the IP block your router sits in.
If your problem is fixed, please mark your thread as [SOLVED] by editing the title of the first message in the thread.

Re: have an interesting situation here

Postby DAMIEN1307 » Sat Oct 28, 2017 8:15 am

ok catweazel...my only other thought i had on this subject is this...the 14 computers that were donated to me to give out to schools, kids etc. were all DBANed first because they were previously military computers used at a sensitive installation...hence the reason for DBAN...do not know if it's possible or not but since all of them have been online here during their conversion to peppermint 8, do miscreants have a way to track them through MAC address or whatever and maybe that's why i'm getting probed out of the blue here?...just a thought i had here before my one single thought died of loneliness here lol...DAMIEN

Re: have an interesting situation here

Postby catweazel » Sat Oct 28, 2017 8:28 am

Like I said, hackers looking for weaknesses attack whole blocks of IP addresses, not specific machines.
If your problem is fixed, please mark your thread as [SOLVED] by editing the title of the first message in the thread.
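
An added example, not part of any post in this thread: a Python script that parses router log lines of the shape quoted in the first post and tallies blocked probes per source address and destination port, flagging the two SQL Server ports named in the thread. The sample lines are constructed (documentation address ranges, not real hosts) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Shape taken from the single log line quoted in the first post; anything
# after the destination port is ignored because the quoted line is cut off.
# Octets may be masked with "x", as the poster did with the destination.
LINE_RE = re.compile(
    r"SYN with Data from IP (?P<src>[\d.x]+) port (?P<sport>\d+) "
    r"to IP (?P<dst>[\d.x]+) port (?P<dport>\d+)"
)

# Ports the thread names as Microsoft SQL Server ports.
WATCHED_PORTS = {1433: "MS SQL Server", 1434: "MS SQL Server"}

# Constructed sample lines (assumption: the router writes one event per line).
SAMPLE_LOG = """\
SYN with Data from IP 203.0.113.7 port 51927 to IP 198.51.100.20 port 1433
SYN with Data from IP 203.0.113.7 port 51931 to IP 198.51.100.20 port 1433
SYN with Data from IP 203.0.113.7 port 40210 to IP 198.51.100.20 port 1434
SYN with Data from IP 192.0.2.55 port 33010 to IP 198.51.100.20 port 23
router rebooted by admin
"""

def parse_line(line):
    """Return the fields of a matching log line as a dict, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(log_text):
    """Count blocked probes per (source IP, destination port)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["src"], rec["dport"])] += 1
    return dict(counts)

def watched_sources(counts):
    """Sources that probed a watched port, with their total hit count."""
    hits = defaultdict(int)
    for (src, dport), n in counts.items():
        if dport in WATCHED_PORTS:
            hits[src] += n
    return dict(hits)

if __name__ == "__main__":
    for (src, dport), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} -> port {dport:<5} {n} blocked ({WATCHED_PORTS.get(dport, 'other')})")
```
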
