Comrades, I need advice from someone who understands these things. My computer is protected with Panda software (legal). I've been getting port scans for more than a day. Every time there is one I get an alert that tells me which remote IP is trying it; it is always the same one and it starts with 204.16.
Since I assume whoever is doing the scans must be an amateur, I went with the "he'll get tired eventually" tactic, but honestly I'm the one getting tired, because I sometimes turn the firewall off to gain speed and I'm afraid he'll leave me alone for a few days, I'll get overconfident, and he'll come back when my guard is down.
Is there anything I can do?
I have an ADSL line and I almost never turn the computer off. I've already done several cleanups of the machine (not only with Panda but with other online scanners) and it is clean.
Thanks in advance.
Port scan
If your ports are being scanned... well, for one thing make sure you leave everything closed (switched off if possible) whenever you can... it can go on for a while... weeks.
On the other hand, it means someone wants to get into your machine because he thinks you might have something important, or because he figures that since it is almost always on he can use it for other things. There is also the type who wants to mess with you for some reason... scanning you eats up your resources and slows the machine down.
Good luck.
Give me his IP
Hi comrade, send me his full IP and I'll look into it a bit to see where it comes from...
Re: Give me his IP
Spree wrote: Hi comrade, send me his full IP and I'll look into it a bit to see where it comes from...
Right, and then we all go and beat the crap out of him, but with love.

Stay alert, Santid, there are a lot of bastards on the loose with too much free time. While this lasts, try to keep Panda enabled and up to date at all times. You can use little programs like Peer Guardian to block that IP.
http://www.utilidades-utiles.com/descar ... rdian.html
Try it. I use it whenever I have the little elephant working, and it gives me a lot of peace of mind.
BACKMAN, OAW, 24ª FLOTILLA
Come on, as soon as we know where he lives, the commanders in his city should go and beat the crap out of him!
As for the elephant, you have to open the TCP and UDP ports you are going to use.
switch to linux
ok, seriously now, most of these scans are random: they take a range of IPs and scan them looking for PCs infected by trojans with the default port open, so you shouldn't worry
also, the Panda or Norton firewall triggers very quickly, giving false positives when it isn't really a scan; for example, did you have eMule running?
what you can do for peace of mind is, if you know someone, have him scan you from outside, for example with nmap; done properly the firewall won't even notice, you'll see
and you can relax



Apparently he is a known SOB.
http://answers.yahoo.com/question/index ... 634AAZCTOC
http://www.wirelessforums.org/comp-secu ... -9186.html
And just by searching on Google, that IP shows up 144 times.
Someone should do something.

Last edited by Siurell on 14 Dec 2006 20:16, edited 1 time in total.
OrgName: FAST COLOCATION SERVICES
OrgID: FCS-73
Address: 3791 N. Edgewater Dr
City: Wasilla
StateProv: AK
PostalCode: 99654
Country: US
NetRange: 204.16.208.0 - 204.16.211.255
CIDR: 204.16.208.0/22
NetName: FC-BLK-1
NetHandle: NET-204-16-208-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
NameServer: SANDY.THEHIDEOUT.NET
NameServer: SANDY2.THEHIDEOUT.NET
Comment: For Abuse Notices please visit http://www.fastcolocation.net/abuse/
RegDate: 2005-11-07
Updated: 2006-07-31
RAbuseHandle: NAD41-ARIN
RAbuseName: NOC Abuse Department
RAbusePhone: +1-703-637-6336
RAbuseEmail: abusedept@fastcolocation.net
RNOCHandle: NOC1938-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-703-286-2487
RNOCEmail: noc@fastcolocation.net
RTechHandle: NOC1938-ARIN
RTechName: Network Operations Center
RTechPhone: +1-703-286-2487
RTechEmail: noc@fastcolocation.net
OrgAbuseHandle: NAD41-ARIN
OrgAbuseName: NOC Abuse Department
OrgAbusePhone: +1-703-637-6336
OrgAbuseEmail: abusedept@fastcolocation.net
OrgTechHandle: NOC1938-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-703-286-2487
OrgTechEmail: noc@fastcolocation.net
# ARIN WHOIS database, last updated 2006-12-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
This is one of the interesting answers. In it, a person filed a complaint with the company. The reply ...no clue. Most likely that computer has been hacked and the SOB is hiding behind that machine or other machines to go around screwing with everyone else. The best thing that could happen is for the program to try to get into some "sensitive" machine with a .gov domain...
That is the surest way for the culprit to get nailed.
PORTSCAN
http://www.fastcolocation.com is the home web site. It's a web hosting
service.
Email/Contact info at verycheapdomains(dot)net Phone Number +1 703 286
2487, Fax: +1 510 279 5802 Street 3791 N. Edgewater Dr City Wasilla
State ak (Alaska) Postalcode 99654 Country United States
I called their customer service last week.
http://fastcolocation.com./support.html
-"All customers of Fast Colocation can reach the Data Center 24 hours
a day. If you require emergency assistance, you can call the data
center direct: 510-580-4100"
-I made it clear that I was not a customer and the representative was
still concerned and interested in getting the IP address that was
portscanning me.
-I asked him about the abuse notification page and he assured me that
the IP addy was all that was important on the form. It didn't work
for me either though.
-Fortunately I pressed him for an e-mail address for follow through,
and was told to contact support@he.net , this was the exchange that
took place:
____
Hello,
I have gotten several firewall alerts of Portscan intrusion from this
IP address, four times in the past two days.
204.16.208.135 (13364)
-Your customer service rep told me to email this addy to report this
abuse - after taking down the IP addy as well.
-I have googled this IP addy, your company and other details of this
and it seems to be a problem all over the globe.
Thank You,
__
(I got an auto reply for each one which I am NOT including)
Reply:
Yours is actually the second complaint we've seen regarding the IP
address 204.16.208.135. Unfortunately, the IP address does not belong
to us, as shown by ARIN WHOIS records [1]. We have no authoritative
control over the IP addresses within that block, nor the servers
operated therein. The best way to go about resolving this issue is for
you to contact Fast Colocation [2] with your complaint, as the IP
address is owned by them. Only after a reasonable amount of time has
passed and the issue remains unresolved can we, the bandwidth provider,
take action per our Acceptable Use Policy (AUP).
[1] - http://ws.arin.net/whois?queryinput=204.16.208.135 (<you can look
up IP addy's here)
[2] - http://www.fastcolocation.net/abuse/
Jeff Walter
Network Engineer
Hurricane Electric
My reply back:
Actually, it was fastcolocation customer service that told me to e-mail
you -- as opposed to giving me their e-mail.
510-580-4100
His reply back:
They do list our phone number as being for "their" data center. This is
not the same as their actual phone numbers (those shown in the ARIN
WHOIS), nor is it the same as their email addresses. Sadly, nothing but
confusion results from them listing our phone number on their site.
Jeff Walter
Hurricane Electric
____
As far as I can practically tell, these people/companies are legit so
we need to spread this info around -perhaps link to this page if
nothing else, because everyone's getting hit.
My suggestions,
--Call fastcolocation, (the web hosting service for IP 204.16.208.135)
and report it: 510-580-4100
--Email Hurricane electric (the bandwidth provider) and report it:
support@he.net
I'm getting ready to call them again (and email H.E.) -Thank God for
free nights and weekends eh?
-Good luck
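
Added example (not part of any post in this thread): a small Python parser for the ARIN WHOIS record quoted above that confirms the alerting IP falls inside the listed block and returns that block's abuse contact, which is the check Hurricane Electric's reply describes. The function names are hypothetical; the record fields are copied from the thread and the out-of-range address is constructed.

```python
import ipaddress

# Fields copied from the ARIN WHOIS record quoted in this thread (abridged).
WHOIS_TEXT = """\
OrgName: FAST COLOCATION SERVICES
NetRange: 204.16.208.0 - 204.16.211.255
CIDR: 204.16.208.0/22
Comment: For Abuse Notices please visit http://www.fastcolocation.net/abuse/
OrgAbuseEmail: abusedept@fastcolocation.net
# ARIN WHOIS database, last updated 2006-12-13 19:10
"""

def parse_whois(text):
    """Return {key: [values]} for 'Key: value' lines, skipping '#' comment lines."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)  # split once so URLs in values survive
        record.setdefault(key.strip(), []).append(value.strip())
    return record

def range_matches_cidr(record):
    """Sanity check: the NetRange line must summarize to exactly the listed CIDR(s)."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in record["NetRange"][0].split("-"))
    computed = {str(n) for n in ipaddress.summarize_address_range(first, last)}
    listed = {c.strip() for v in record["CIDR"] for c in v.split(",")}
    return computed == listed

def abuse_contact(record, ip):
    """Return (org, abuse_email, network) if ip is inside the record's block, else None."""
    addr = ipaddress.ip_address(ip)
    for value in record.get("CIDR", []):
        for cidr in value.split(","):  # a record may list several prefixes
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            if addr in net:
                org = record.get("OrgName", ["unknown"])[0]
                email = (record.get("OrgAbuseEmail")
                         or record.get("RAbuseEmail") or [None])[0]
                return org, email, str(net)
    return None  # the block owner in this record is not responsible for ip

if __name__ == "__main__":
    rec = parse_whois(WHOIS_TEXT)
    print(range_matches_cidr(rec))
    print(abuse_contact(rec, "204.16.208.135"))  # IP named in the quoted complaint
    print(abuse_contact(rec, "204.16.212.1"))    # constructed address outside the block
```

A `None` result means the complaint is going to the wrong organization, as happened when the report was sent to the bandwidth provider instead of the block owner.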
