Solved

Hack attempt

Posted on 2006-06-29
Last Modified: 2008-02-01
Hi gang - I've got an FTP server at home (using Serv-U), and have found the past week or so that someone's been attempting to get in with the administrator account.
I don't have an "administrator" account per se, but Serv-U replies (account ok, proceed with password).

I've since locked down my only 'admin' account so that I can't browse outside of my shared folder, but I'm a bit concerned that this is happening.

The IP is coming from 61.241.112.37 which appears to be from Asia Pacific Network Information Centre.

Now my question - I used to be able to block certain IP addresses or subnets using my old Linksys router.
Now, I've got two newer ones (WRT54G & RTP300) and can't seem to locate that feature.

Any ideas?
0
Question by:sirbounty
5 Comments
 

Assisted Solution

by:smokey965
smokey965 earned 50 total points
ID: 17012973
I have a WRT54G. The block IP address is in the settings, "192.168.1.1" (normally). There is a firmware upgrade from www.sveasoft.com for the router which gives you more options (e.g. IP blocking) and boosts the performance of the router. The Asian Pacific Center is probably being used as a proxy for someone else.
I would email the tech at the email below.

Asia Pacific Network Information Centre, Contact:
Phone: +61 7 3858 3100
Email: search-apnic-not-arin@apnic.net

0
 
LVL 67

Author Comment

by:sirbounty
ID: 17013318
I did recently upgrade to the latest firmware offered by Linksys - not sure about the one you posted, but I don't see a Block IP Settings that you mentioned...
0
 
LVL 16

Accepted Solution

by:The--Captain
The--Captain earned 125 total points
ID: 17016522
Does anyone here actually know what APNIC is? They are the Asian equivalent to ARIN - the whois query below clearly indicates that APNIC has nothing to do with the problem (other than containing the IP allocation info for the host in question). Do you call the publisher of the phone book when you have a problem with a business listed therein? I didn't think so (especially if the business is in China).

In any case, the following query clearly indicates that the IP in question belongs to "China United Telecommunications Corporation", not the Asia Pacific Network Information Centre.  China has been known as a home to malicious hackers almost as long as the former Soviet Union.   Get used to it, block them as needed, and move on...

Cheers,
-Jon

>whois 61.241.112.37@whois.apnic.net
>[whois.apnic.net]
>% [whois.apnic.net node-1]
>% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>
>inetnum:      61.240.0.0 - 61.243.255.255
>netname:      UNICOM
>descr:        China United Telecommunications Corporation
>descr:        No.133,Taiyun Building,Xidan North Street
>descr:        Xicheng District,Beijing,China
>country:      CN
>admin-c:      UCH1-AP
>tech-c:       UCH1-AP
>mnt-by:       APNIC-HM
>mnt-lower:    MAINT-CN-CNNIC-UNICOM
>status:       ALLOCATED PORTABLE
>changed:      hm-changed@apnic.net 20041203
>source:       APNIC
>
>role:         Unicom China Hostmaster
>address:      911 Room,Xin Tong Center,No.8 Beijing Railway Station
>address:      East Avenue, Beijing,PRC.
>country:      CN
>phone:        +86-10-6527-8866
>fax-no:       +86-10-6526-0124
>e-mail:       ip_address@cnuninet.com
>admin-c:      RX9-AP
>tech-c:       RX9-AP
>nic-hdl:      UCH1-AP
>notify:       ip_address@cnuninet.com
>mnt-by:       MAINT-CN-CNNIC-UNICOM
>changed:      hostmaster@apnic.net 20010820
>source:       APNIC


0
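Added example, not part of the thread or any poster's code: the `inetnum` range in the whois record above can be converted into the CIDR block and netmask that a router or firewall block rule expects, after confirming that the reported address really falls inside it. `parse_first_object`, `range_to_cidrs` and `block_plan` are hypothetical helper names, and the sample text is a constructed excerpt of the quoted record.

```python
import ipaddress
import re

# Constructed sample: key lines of the whois record quoted in the answer,
# still carrying the '>' quoting, plus the address from the question.
WHOIS_TEXT = """\
>% [whois.apnic.net node-1]
>
>inetnum:      61.240.0.0 - 61.243.255.255
>netname:      UNICOM
>descr:        China United Telecommunications Corporation
>country:      CN
>
>role:         Unicom China Hostmaster
"""
OFFENDER = "61.241.112.37"


def parse_first_object(text):
    """Return {key: [values]} for the first whois object in the text."""
    fields = {}
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()      # drop reply-style quoting
        if not line or line.startswith("%"):  # blank line or server comment
            if fields and not line:
                break                         # blank line ends the object
            continue
        m = re.match(r"([\w-]+):\s*(.*)", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def range_to_cidrs(inetnum):
    """Smallest list of CIDR networks covering a 'first - last' range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split(" - "))
    return list(ipaddress.summarize_address_range(first, last))


def block_plan(whois_text, offender):
    """Holder name plus networks to block, after checking the offender is inside."""
    obj = parse_first_object(whois_text)
    cidrs = range_to_cidrs(obj["inetnum"][0])
    if not any(ipaddress.ip_address(offender) in net for net in cidrs):
        raise ValueError(f"{offender} is not in {obj['inetnum'][0]}")
    return obj["descr"][0], [(str(n), str(n.netmask), n.num_addresses) for n in cidrs]


if __name__ == "__main__":
    print(block_plan(WHOIS_TEXT, OFFENDER))
```

For this record the result is a single network, 61.240.0.0/14 (netmask 255.252.0.0), which covers 262,144 addresses; a range that is not aligned on a power-of-two boundary comes back as several smaller networks instead.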
 
LVL 67

Author Comment

by:sirbounty
ID: 17016827
I'd love to block the entire subnet - but how?
Serv-U 'supposedly' has a feature to kick-and-ban, but it wasn't working. :(
0
 
LVL 2

Assisted Solution

by:munk33
munk33 earned 75 total points
ID: 17016964
Hi sirbounty :)

Personally I had problems finding a decent "cheap" router.

One router needed rebooting after changing rules, the other didn't but dropped connection intermittently.

If you have an old/spare box try http://www.smoothwall.org/

Smoothwall is easy to set up and easy to use. Also has decent features not found in a standard router.

(Smoothwall has an option to block IPs)
0
