Solved

Hack attempt

Posted on 2006-06-29
Last Modified: 2008-02-01
Hi gang - I've got an ftp server at home (using serv-u), and have found the past week or so that someone's been attempting to get in with the administrator account.
I don't have an "administrator" account per se, but serv-u replies (account ok, proceed with password).

I've since locked down my only 'admin' account so that I can't browse outside of my shared folder, but I'm a bit concerned that this is happening.

The IP is coming from 61.241.112.37 which appears to be from Asia Pacific Network Information Centre.

Now my question - I used to be able to block certain IP addresses or subnets using my old Linksys router.
Now, I've got two newer ones (WRT54G & RTP300) and can't seem to locate that feature.

Any ideas?
Question by:sirbounty
5 Comments
 

Assisted Solution

by:smokey965
smokey965 earned 50 total points
ID: 17012973
I have a WRT54G.  The block IP address is in the settings.  "192.168.1.1"(Normally)  There is a firmware upgrade from www.sveasoft.com for the router which gives you more options (ex. IP Blocking) and boosts the performance of the router.  The Asian Pacific Center is probably being used as a proxy for someone else.
I would email the tech at the email below.

Asia Pacific Network Information Centre, Contact:
Phone: +61 7 3858 3100
Email: search-apnic-not-arin@apnic.net

0
 
LVL 67

Author Comment

by:sirbounty
ID: 17013318
I did recently upgrade to the latest firmware offered by Linksys - not sure about the one you posted, but I don't see a Block IP Settings that you mentioned...
0
 
LVL 16

Accepted Solution

by:The--Captain
The--Captain earned 125 total points
ID: 17016522
Does anyone here actually know what APNIC is?  They are the Asian equivalent to ARIN - the whois query below clearly indicates that APNIC has nothing to do with the problem (other than containing the IP allocation info for the host in question).  Do you call the publisher of the phone book when you have a problem with a business listed therein?  I didn't think so (especially if the business is in China).

In any case, the following query clearly indicates that the IP in question belongs to "China United Telecommunications Corporation", not the Asia Pacific Network Information Centre.  China has been known as a home to malicious hackers almost as long as the former Soviet Union.   Get used to it, block them as needed, and move on...

Cheers,
-Jon

>whois 61.241.112.37@whois.apnic.net
>[whois.apnic.net]
>% [whois.apnic.net node-1]
>% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>
>inetnum:      61.240.0.0 - 61.243.255.255
>netname:      UNICOM
>descr:        China United Telecommunications Corporation
>descr:        No.133,Taiyun Building,Xidan North Street
>descr:        Xicheng District,Beijing,China
>country:      CN
>admin-c:      UCH1-AP
>tech-c:       UCH1-AP
>mnt-by:       APNIC-HM
>mnt-lower:    MAINT-CN-CNNIC-UNICOM
>status:       ALLOCATED PORTABLE
>changed:      hm-changed@apnic.net 20041203
>source:       APNIC
>
>role:         Unicom China Hostmaster
>address:      911 Room,Xin Tong Center,No.8 Beijing Railway Station
>address:      East Avenue, Beijing,PRC.
>country:      CN
>phone:        +86-10-6527-8866
>fax-no:       +86-10-6526-0124
>e-mail:       ip_address@cnuninet.com
>admin-c:      RX9-AP
>tech-c:       RX9-AP
>nic-hdl:      UCH1-AP
>notify:       ip_address@cnuninet.com
>mnt-by:       MAINT-CN-CNNIC-UNICOM
>changed:      hostmaster@apnic.net 20010820
>source:       APNIC


0
 
LVL 67

Author Comment

by:sirbounty
ID: 17016827
I'd love to block the entire subnet - but how?
Serv-U 'supposedly' has a feature to kick-and-ban, but it wasn't working. :(
0
 
LVL 2

Assisted Solution

by:munk33
munk33 earned 75 total points
ID: 17016964
Hi sirbounty :)

Personally I had problems finding a decent "cheap" router.

One router needed rebooting after changing rules, the other didn't but dropped connection intermittently.

If you have an old/spare box try http://www.smoothwall.org/

Smoothwall is easy to setup and easy to use. Also has decent features not found in a standard router.

(Smoothwall has an option to block IPs)
0
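
Added example (not part of any post in this thread): the `inetnum` range in the whois record from the accepted answer can be converted into CIDR blocks, which is the form most IP filters accept when blocking a whole allocation. The Python below does the conversion, confirms the logged source address falls inside the result, and prints matching iptables rules; the function names and the Linux/iptables firewall in front of the FTP server are assumptions.

```python
import ipaddress
import re

# Lines copied from the whois output quoted in the accepted answer (">" markers kept).
WHOIS_TEXT = """\
>inetnum:      61.240.0.0 - 61.243.255.255
>netname:      UNICOM
>country:      CN
"""

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
INETNUM_RE = re.compile(
    r"^>?[ \t]*inetnum:[ \t]*" + _IP + r"[ \t]*-[ \t]*" + _IP + r"[ \t]*$",
    re.MULTILINE,
)

def inetnum_to_cidrs(whois_text):
    """Return the CIDR blocks that exactly cover every inetnum range in the text."""
    cidrs = []
    for first, last in INETNUM_RE.findall(whois_text):
        start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if start > end:
            raise ValueError(f"inetnum range is reversed: {first} - {last}")
        # A range that is not aligned on a power of two yields several blocks.
        cidrs.extend(ipaddress.summarize_address_range(start, end))
    return cidrs

def covering_block(source_ip, cidrs):
    """Return the block that contains source_ip, or None if no block does."""
    addr = ipaddress.ip_address(source_ip)
    return next((net for net in cidrs if addr in net), None)

def drop_rules(cidrs, port=21, chain="INPUT"):
    """Build iptables rules dropping inbound TCP to `port` from each block.

    Assumption: INPUT suits a firewall on the FTP host itself; a separate
    gateway that forwards the port to the server would use FORWARD.
    """
    return [f"iptables -I {chain} -s {net} -p tcp --dport {port} -j DROP"
            for net in cidrs]

if __name__ == "__main__":
    blocks = inetnum_to_cidrs(WHOIS_TEXT)
    # 61.241.112.37 is the source address reported in the question.
    print("source covered by:", covering_block("61.241.112.37", blocks))
    print("\n".join(drop_rules(blocks)))
```

Blocking the full allocation also drops any legitimate clients inside it, so check the FTP logs for expected users in that range before applying the rule.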
