hi guys ...hope you can add to my knowledge base here...checked my NAT firewall/router activity and found the following
"SYN with Data from IP 210.44.14.14 port 51927 to IP 69.128.xxx.xxx port 1433 dr"...this has been found in the firewall section of my router firewall as being blocked 2 times now over the past 4 days...gufw is also active on all my systems as Public and Deny all incoming traffic...all computer systems here are running linux based computer systems LM 18.2 cinn. and peppermint 8, all updates applied, and both browsers are slimjet and opera with all up to date using StartPage as the search engine in both
when i traced the IP, i got the following
ISP: Shandong Normal University
Usage Type: University/College/School
Domain Name: sdnu.edu.cn
Country: China
City: Jinan, Shandong
this IP address is listed on the "Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed"
i am assuming that this is a port probe that has been blocked by the NAT firewall...there is no log in the gufw so i assume the NAT took care of this...why would the chinese be interested in me...DAMIEN
have an interesting situation here
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 3 times in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: have an interesting situation here
DAMIEN1307 wrote: why would the chinese be interested in me...
hax0ring.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: have an interesting situation here
hi catweazel...i kind of thought it was a feeble attempt to hack port 1433 due to the fact that this port as well as its sister port 1434 is normally used by the Microsoft SQL server...last i thought, wasnt this port probe "worm" type of attack for dropping off the "snake" worm type of malware?... i seem to remember there was something called the "SQL SNAKE" that was used in these type of attacks that if successful, would allow the miscreant to take over administrative rights of an infected system through a penetration of port 1433 and its sister microsoft sql server port 1434 on non stealthed systems let alone even trying that on a linux based system...just another good reason to those who think running in root is just fine because its a single user system as i hear them say "dont nanny me i know what im doing" lol...DAMIEN
- catweazel
Re: have an interesting situation here
They wouldn't have been targeting you specifically, rather the IP block your router sits in.
Re: have an interesting situation here
ok catweazel...my only other thought i had on this subject is this...the 14 computers that were donated to me to give out to schools, kids etc were all dbaned first because they were previously military computers used at a sensitive installation...hence the reason for dban...do not know if its possible or not but since all of them have been on line here during their conversion to peppermint 8, do miscreants have a way to track them through mac address or whatever and maybe thats why im getting probed out of the blue here?...just a thought i had here before my one single thought died of loneliness here lol...DAMIEN
- catweazel
Re: have an interesting situation here
Like I said, hackers looking for weaknesses attack whole blocks of IP addresses, not specific machines.
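Added example, not part of any post in this thread: a Python script that parses router entries in the format quoted in the first post and groups the blocked probes by destination port, which makes it easy to see when one service port is being hit from unrelated sources. Only the first sample line comes from the thread; the other lines use documentation addresses and are constructed, and the function names and service labels are this example's own.

```python
import re
from collections import defaultdict

# Matches the "from IP ... port ... to IP ... port ..." part of the entry
# quoted in the first post; any text after the destination port is ignored.
ENTRY = re.compile(
    r"from IP (?P<src>\S+) port (?P<sport>\d+) "
    r"to IP (?P<dst>\S+) port (?P<dport>\d+)"
)

# Ports named in the thread; the labels are this example's own.
SERVICE_PORTS = {1433: "Microsoft SQL Server", 1434: "Microsoft SQL Server"}

# First line is the entry quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
SYN with Data from IP 210.44.14.14 port 51927 to IP 69.128.xxx.xxx port 1433 dr
SYN with Data from IP 203.0.113.7 port 40312 to IP 69.128.xxx.xxx port 1433 dr
DHCP lease renewed
SYN with Data from IP 198.51.100.23 port 33820 to IP 69.128.xxx.xxx port 23 dr
"""

def parse(log_text):
    """Return (src, sport, dst, dport) for every line in the quoted format."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:  # unrelated router messages are skipped
            entries.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return entries

def summarize(entries):
    """Group blocked probes by destination port: hit count and distinct sources."""
    by_port = defaultdict(lambda: {"hits": 0, "sources": set()})
    for src, _sport, _dst, dport in entries:
        by_port[dport]["hits"] += 1
        by_port[dport]["sources"].add(src)
    return {
        port: {"hits": d["hits"], "sources": sorted(d["sources"]),
               "service": SERVICE_PORTS.get(port, "unlisted")}
        for port, d in by_port.items()
    }

if __name__ == "__main__":
    for port, info in sorted(summarize(parse(SAMPLE_LOG)).items()):
        print(port, info["service"], info["hits"], ", ".join(info["sources"]))
```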