have an interesting situation here

Post by DAMIEN1307 »

hi guys ...hope you can add to my knowledge base here...checked my NAT firewall/router activity and found the following

"SYN with Data from IP 210.44.14.14 port 51927 to IP 69.128.xxx.xxx port 1433 dr"...this has been found in the firewall section of my router firewall as being blocked 2 times now over the past 4 days...gufw is also active on all my systems as Public and Deny all incoming traffic...all computer systems here are running linux based computer systems LM 18.2 cinn. and peppermint 8, all updates applied, and both browsers are slimjet and opera with all up to date using StartPage as the search engine in both

when i traced the IP, i got the following

ISP: Shandong Normal University
Usage Type: University/College/School
Domain Name: sdnu.edu.cn
Country: China
City: Jinan, Shandong

this IP address is listed on the "Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed"

i am assuming that this is a port probe that has been blocked by the NAT firewall...there is no log in the gufw so i assume the NAT took care of this...why would the chinese be interested in me...DAMIEN
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 3 times in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.

Re: have an interesting situation here

Post by catweazel »

DAMIEN1307 wrote: why would the chinese be interested in me...
hax0ring.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.

Re: have an interesting situation here

Post by DAMIEN1307 »

hi catweazel...i kind of thought it was a feeble attempt to hack port 1433 due to the fact that this port as well as its sister port 1434 is normally used by the Microsoft SQL server...last i thought, wasnt this port probe "worm" type of attack for dropping off the "snake" worm type of malware?... i seem to remember there was something called the "SQL SNAKE" that was used in these type of attacks that if successful, would allow the miscreant to take over administrative rights of an infected system through a penetration of port 1433 and its sister microsoft sql server port 1434 on non stealthed systems let alone even trying that on a linux based system...just another good reason to those who think running in root is just fine because its a single user system as i hear them say "dont nanny me i know what im doing" lol...DAMIEN

Re: have an interesting situation here

Post by catweazel »

They wouldn't have been targeting you specifically, rather the IP block your router sits in.

Re: have an interesting situation here

Post by DAMIEN1307 »

ok catweazel...my only other thought i had on this subject is this...the 14 computers that were donated to me to give out to schools, kids etc were all dbaned first because they were previously military computers used at a sensitive installation...hence the reason for dban...do not know if its possible or not but since all of them have been on line here during their conversion to peppermint 8, do miscreants have a way to track them through mac address or whatever and maybe thats why im getting probed out of the blue here?...just a thought i had here before my one single thought died of loneliness here lol...DAMIEN

Re: have an interesting situation here

Post by catweazel »

Like I said, hackers looking for weaknesses attack whole blocks of IP addresses, not specific machines.
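
Added example, not part of any post in this thread: a small Python parser for the router log format quoted in the first post. It groups blocked entries by source address and destination port, since the source port changes on every attempt. Only the first sample line comes from the page; the other lines, the function names and the port set are assumptions made for this example.

```python
import re
from collections import Counter

# Matches the router log line quoted in the first post. The destination
# address may be partly masked with "xxx", as it is on the page.
LINE_RE = re.compile(
    r"SYN with Data from IP (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<sport>\d+) "
    r"to IP (?P<dst>[\dx]{1,3}(?:\.[\dx]{1,3}){3}) port (?P<dport>\d+)"
)

# Ports the thread associates with Microsoft SQL Server.
MSSQL_PORTS = {1433, 1434}

# First line is the one quoted on the page; the rest are constructed
# (documentation-range source addresses) to exercise the summary.
SAMPLE_LOG = """\
SYN with Data from IP 210.44.14.14 port 51927 to IP 69.128.xxx.xxx port 1433 dr
SYN with Data from IP 210.44.14.14 port 40112 to IP 69.128.xxx.xxx port 1433 dr
SYN with Data from IP 203.0.113.7 port 60001 to IP 69.128.xxx.xxx port 23 dr
SYN with Data from IP 198.51.100.9 port 33211 to IP 69.128.xxx.xxx port 1434 dr
router uptime 4 days
"""


def parse_line(line):
    """Return the fields of one blocked-SYN entry, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {"src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}


def summarise(log_text):
    """Count blocked entries per (source, destination port) pair."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    per_probe = Counter((e["src"], e["dport"]) for e in events)
    mssql_sources = sorted({e["src"] for e in events if e["dport"] in MSSQL_PORTS})
    return {"events": len(events), "per_probe": per_probe,
            "mssql_sources": mssql_sources}


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for (src, dport), count in report["per_probe"].most_common():
        note = " (MS SQL port)" if dport in MSSQL_PORTS else ""
        print(f"{src} -> port {dport}{note}: blocked {count} time(s)")
```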