single ip address attempts to connect to my comp 4 times an hour all day long...

Discussion in 'Windows Desktop Systems' started by baser5nature, Jan 29, 2003.

  1. baser5nature

    baser5nature OSNN Addict

    Messages:
    182
    Location:
    Ontario, Canada
    I know the IP address of someone who is attempting to connect with my computer... they must have it scheduled or something... it happens 4 times an hour all day long...

    I have reported the IP to my service provider since the IP belongs to my service provider... but the attacks continue...

    any hints or tips to get rid of this punk?
     
  2. sdibias

    sdibias Guest

    What did your ISP say? What port are they trying to connect on?
    Are you using DHCP?
     
  3. baser5nature

    baser5nature OSNN Addict

    Messages:
    182
    Location:
    Ontario, Canada
    - ISP has only auto-replied so far...
    - using DHCP...
    - the IP tries to connect on ports, 80, 137, 1024, 1025, 1434, 1436, and others...

    I just switched network cards in order to get a new IP cause i was getting about 700 connect attempts a day... i installed zonealarmpro this past thursday and i have accumulated 2961 blocked intrusions as of this message... since switching nic's yesterday (the 28th of jan) i've had about 300 blocked intrusions...

    I tried the trick to switch IP addresses that was posted here in the last few days, but shortly didn't find an available IP for the few minutes I was playing around with it... I suppose i could try again...
     
  4. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    Short question: is the "bad guy" on the same IP range as you or is it an entirely different range?
     
  5. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Switching IP addresses could get you into more trouble than what it's worth.
     
  6. baser5nature

    baser5nature OSNN Addict

    Messages:
    182
    Location:
    Ontario, Canada
    good guy: xxx.xxx.xx8.28
    bad guy : xxx.xxx.xx7.85


    x's are common to both ip's... this guy is probably scanning a whole range of addresses, and that's more than likely why it seems scheduled... it takes about 40 minutes for his scanner to go through the range... my question now is: don't most scanning programs tag an ip as vulnerable, or protected and then either log it or not... if he keeps getting blocked as ZAPRO says he is, why do i keep getting scanned?
     
  7. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    Maybe he's waiting for new holes? A stealthed port looks the same as a turned off computer so he may be waiting for people to turn on their computers. It's probably a script kiddie so he probably don't know what he's doing anyway. :)

    When you mailed your ISP did you main abuse or customer service? Always mail abuse (often abuse@the.isp.com) and include:
    1. Attackers IP.
    2. Your IP.
    3. Printouts from your firewall and/or screenshots.
    4. Your info (customer number etc.) might help too.

    If you mail customer service it can take forever.
     
  8. baser5nature

    baser5nature OSNN Addict

    Messages:
    182
    Location:
    Ontario, Canada
    yeah... i did all that... i probably just have to wait a few more days until my isp does something... they are one of only two broadband providers in my area so they probably have their hands full with this kind of stuff...