  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 614

Hack attempt

Hi gang - I've got an ftp server at home (using serv-u), and have found the past week or so that someone's been attempting to get in with the administrator account.
I don't have an "administrator" account per se, but serv-u replies (account ok, proceed with password).

I've since locked down my only 'admin' account so that I can't browse outside of my shared folder, but I'm a bit concerned that this is happening.

The IP is coming from 61.241.112.37 which appears to be from Asia Pacific Network Information Centre.

Now my question - I used to be able to block certain IP addresses or subnets using my old Linksys router.
Now, I've got two newer ones (WRT54G & RTP300) and can't seem to locate that feature.

Any ideas?
0
Asked by: sirbounty

smokey965 Commented:
I have a WRT54G.  The block IP address is in the settings.  "192.168.1.1" (Normally)  There is a firmware upgrade from www.sveasoft.com for the router which gives you more options (ex. IP Blocking) and boosts the performance of the router.  The Asian Pacific Center is probably being used as a proxy for someone else.
I would email the tech at the email below.

Asia Pacific Network Information Centre, Contact:
Phone: +61 7 3858 3100
Email: search-apnic-not-arin@apnic.net

0
 
sirbounty (Author) Commented:
I did recently upgrade to the latest firmware offered by Linksys - not sure about the one you posted, but I don't see a Block IP Settings that you mentioned...
0
 
The--Captain Commented:
Does anyone here actually know what APNIC is?  They are the Asian equivalent to ARIN - the whois query below clearly indicates that APNIC has nothing to do with the problem (other than containing the IP allocation info for the host in question).  Do you call the publisher of the phone book when you have a problem with a business listed therein?  I didn't think so (especially if the business is in China).

In any case, the following query clearly indicates that the IP in question belongs to "China United Telecommunications Corporation", not the Asia Pacific Network Information Centre.  China has been known as a home to malicious hackers almost as long as the former Soviet Union.   Get used to it, block them as needed, and move on...

Cheers,
-Jon

>whois 61.241.112.37@whois.apnic.net
>[whois.apnic.net]
>% [whois.apnic.net node-1]
>% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>
>inetnum:      61.240.0.0 - 61.243.255.255
>netname:      UNICOM
>descr:        China United Telecommunications Corporation
>descr:        No.133,Taiyun Building,Xidan North Street
>descr:        Xicheng District,Beijing,China
>country:      CN
>admin-c:      UCH1-AP
>tech-c:       UCH1-AP
>mnt-by:       APNIC-HM
>mnt-lower:    MAINT-CN-CNNIC-UNICOM
>status:       ALLOCATED PORTABLE
>changed:      hm-changed@apnic.net 20041203
>source:       APNIC
>
>role:         Unicom China Hostmaster
>address:      911 Room,Xin Tong Center,No.8 Beijing Railway Station
>address:      East Avenue, Beijing,PRC.
>country:      CN
>phone:        +86-10-6527-8866
>fax-no:       +86-10-6526-0124
>e-mail:       ip_address@cnuninet.com
>admin-c:      RX9-AP
>tech-c:       RX9-AP
>nic-hdl:      UCH1-AP
>notify:       ip_address@cnuninet.com
>mnt-by:       MAINT-CN-CNNIC-UNICOM
>changed:      hostmaster@apnic.net 20010820
>source:       APNIC


0
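The whois reply above gives the allocation as a first-last address range, while most router and firewall block lists want CIDR notation. The following is an added example, not part of the original thread: it converts the `inetnum` range to CIDR and checks which source addresses fall inside it. The function names and the sample attempt list are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Excerpt of the APNIC whois reply quoted in the thread.
WHOIS_REPLY = """\
inetnum:      61.240.0.0 - 61.243.255.255
netname:      UNICOM
country:      CN
"""

# Constructed sample of failed-login source addresses (not real Serv-U log data).
SAMPLE_ATTEMPTS = ["61.241.112.37", "61.241.112.37", "61.243.9.1",
                   "192.0.2.10", "61.244.0.1"]

INETNUM_RE = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def inetnum_to_cidrs(whois_text):
    """Return the CIDR networks that exactly cover each inetnum range."""
    cidrs = []
    for first, last in INETNUM_RE.findall(whois_text):
        start = ipaddress.ip_address(first)
        end = ipaddress.ip_address(last)
        if start.version != end.version or start > end:
            raise ValueError(f"malformed inetnum range: {first} - {last}")
        # A range that is not aligned on a power of two yields several blocks.
        cidrs.extend(ipaddress.summarize_address_range(start, end))
    return cidrs


def attempts_in_block(attempts, cidrs):
    """Count attempts per source IP that fall inside any of the CIDR blocks."""
    hits = Counter()
    for raw in attempts:
        addr = ipaddress.ip_address(raw)
        if any(addr.version == net.version and addr in net for net in cidrs):
            hits[raw] += 1
    return hits


if __name__ == "__main__":
    blocks = inetnum_to_cidrs(WHOIS_REPLY)
    print("block:", ", ".join(str(n) for n in blocks))
    for ip, n in attempts_in_block(SAMPLE_ATTEMPTS, blocks).items():
        print(f"{ip}: {n} attempt(s) inside the allocation")
```

The allocation collapses to a single /14, which covers 262,144 addresses, so a rule built from it blocks every host in that range and not only the one seen in the logs.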
 
sirbounty (Author) Commented:
I'd love to block the entire subnet - but how?
Serv-U 'supposedly' has a feature to kick-and-ban, but it wasn't working. :(
0
 
munk33 Commented:
Hi sirbounty :)

Personally I had problems finding a decent "cheap" router.

One router needed rebooting after changing rules, the other didn't but dropped connection intermittently.

If you have an old/spare box try http://www.smoothwall.org/

Smoothwall is easy to set up and easy to use. Also has decent features not found in a standard router.

(smoothwall has an option to block IPs)
0
