Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Hack attempt

Posted on 2006-06-29
5
Medium Priority
?
611 Views
Last Modified: 2008-02-01
Hi gang - I've got an ftp server at home (using serv-u), and have found the past week or so that someone's been attempting to get in with the administrator account.
I don't have an "administrator" account per se', but serv-u replies (account ok, proceed with password).

I've since locked down my only 'admin' account so that I can't browse outside of my shared folder, but I'm a bit concerned that this is happening.

The IP is coming from 61.241.112.37 which appears to be from Asia Pacific Network Information Centre.

Now my question - I used to be able to block certain IP addresses or subnets using my old Linksys router.
Now, I've got two newer ones (WRT54G & RTP300) and can't seem to locate that feature.

Any ideas?
0
Comment
Question by:sirbounty
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Assisted Solution

by:smokey965
smokey965 earned 200 total points
ID: 17012973
I have a WRT54G.  The block IP address is in the settings.  "192.168.1.1"(Normally)  There is a firmware upgrade from www.sveasoft.com for the router which gives you more options(ex. IP Blocking) and boosts the performace of the router.  The Asian Pacific Center is problly being used as a proxy for someone else.
I would email the tech at the email below.

Asia Pacific Network Information Centre, Contact:
Phone: +61 7 3858 3100
Email: search-apnic-not-arin@apnic.net

0
 
LVL 67

Author Comment

by:sirbounty
ID: 17013318
I did recently upgrade to the latest firmware offered by Linksys - not sure about the one you posted, but I don't see a Block IP Settings that you mentioned...
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 500 total points
ID: 17016522
Does anyone here actually know what APNIC is?  They are the asian equivalent to ARIN - the whois query below clearly indicates that APNIC has nothing to do with the problem (other than containing the IP allocation info for the host in question).  Do you call the publisher of the phone book when you have a problem with a business listed therein?  I didn't think so (especially is the business is in China).

In any case, the following query clearly indicates that the IP in question belongs to "China United Telecommunications Corporation", not the Asia Pacific Network Information Centre.  China has been known as a home to malicious hackers almost as long as the former Soviet Union.   Get used to it, block them as needed, and move on...

Cheers,
-Jon

>whois 61.241.112.37@whois.apnic.net
>[whois.apnic.net]
>% [whois.apnic.net node-1]
>% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>
>inetnum:      61.240.0.0 - 61.243.255.255
>netname:      UNICOM
>descr:        China United Telecommunications Corporation
>descr:        No.133,Taiyun Building,Xidan North Street
>descr:        Xicheng District,Beijing,China
>country:      CN
>admin-c:      UCH1-AP
>tech-c:       UCH1-AP
>mnt-by:       APNIC-HM
>mnt-lower:    MAINT-CN-CNNIC-UNICOM
>status:       ALLOCATED PORTABLE
>changed:      hm-changed@apnic.net 20041203
>source:       APNIC
>
>role:         Unicom China Hostmaster
>address:      911 Room,Xin Tong Center,No.8 Beijing Railway Station
>address:      East Avenue, Beijing,PRC.
>country:      CN
>phone:        +86-10-6527-8866
>fax-no:       +86-10-6526-0124
>e-mail:       ip_address@cnuninet.com
>admin-c:      RX9-AP
>tech-c:       RX9-AP
>nic-hdl:      UCH1-AP
>notify:       ip_address@cnuninet.com
>mnt-by:       MAINT-CN-CNNIC-UNICOM
>changed:      hostmaster@apnic.net 20010820
>source:       APNIC


0
 
LVL 67

Author Comment

by:sirbounty
ID: 17016827
I'd love to block the entire subnet - but how?
Serv-U 'supposedly' has a feature to kick-and-ban, but it wasn't working. :(
0
 
LVL 2

Assisted Solution

by:munk33
munk33 earned 300 total points
ID: 17016964
Hi sirbounty :)

Personally i had problems finding a decent "cheap" router.

One router needed rebooting after changing rules, the other didn't but dropped connection intermittently.

If you have an old/spare box try http://www.smoothwall.org/

Smoothwall is easy to setup and easy to use. Also has decent features not found in a standard router.

(smoothwall has an option to block ip's)
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question