
Chinese trying to break into my PC?

  • 08-12-2005 10:22PM
    #1
    Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭


    I'm running W2K with Kerio firewall up and this evening I've gotten a couple of 'Incoming Connection Alerts' from varying IP addresses like:

    Direction: incoming
    Local Point: 192.168.1.4, port 1027
    Adapter: Local Area Connection
    Remote Point: 222.134.45.54 [222.134.45.54], port 36832
    Protocol: UDP

    It's confusing because the application that Kerio says is involved in the connection is Kerio itself. So, I first thought could this be some kind of Kerio update? But it's only started since I fired up a Bitcomet download.

    When I went with the IP to whois...

    inetnum: 222.132.0.0 - 222.135.255.255
    netname: CNCGROUP-SD
    descr: CNCGROUP Shandong province network
    descr: China Network Communications Group Corporation
    descr: No.156,Fu-Xing-Men-Nei Street,
    descr: Beijing 100031
    country: CN
    admin-c: CH455-AP
    tech-c: XZ14-AP
    mnt-by: APNIC-HM
    mnt-lower: MAINT-CNCGROUP-SD
    mnt-routes: MAINT-CNCGROUP-SD
    changed: hm-changed@apnic.net 20031211
    status: ALLOCATED PORTABLE
    source: APNIC

    role: CNCGroup Hostmaster
    e-mail: abuse@cnc-noc.net
    address: No.156,Fu-Xing-Men-Nei Street,
    address: Beijing,100031,P.R.China

    After that, I didn't think it was an update - Kerio don't have any offices listed in China.

    Question: what does this mean - Is there anything I should do other than deny the connection requests?


    Thanks.


Comments

  • Registered Users, Registered Users 2 Posts: 3,890 ✭✭✭cgarvey


    Sounds like Kerio is just doing its job and blocking the (Chinese) request for a dodgy port (1027 is a common enough port used for trojans to set up a service on), so the Chinese guy was probably just trying every IP around you to see if any were open.

    Because Kerio was blocking it (and, hopefully, because you've no program listening on that port), it probably listed itself as the application.

    All sounds OK, just go with the usual advice. Update & rerun your virus scanner and your various adware/spyware scanners.

    .cg


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    Doing those updates/scans at the moment - cheers for the expertise.

    all the best

    e


  • Closed Accounts Posts: 1,338 ✭✭✭hobie


    Here's a 'My Net watchman' report on the IP you mention .....

    http://www.mynetwatchman.com/LID.asp?IID=172684431

    to check for other incidents simply enter the suspect IP in the look up box on MNW ...... there are many coming in from Chinese sources in the past few days ......

    e.g. http://www.mynetwatchman.com/LID.asp?IID=174274522

    http://www.mynetwatchman.com/LID.asp?IID=178530977

    Edanto ...... as a matter of interest .... do you have MSN Messenger in use on your machine when you get the alerts?


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    No, I don't use MSN.

    The only thing out of the ordinary was that I had just started a Bitcomet run - and I thought it might be someone trying to take the..eh...linux distro that I was sharing.

    Hadn't heard of mynetwatchman, nice one.

