Solved

Hack attempt

Posted on 2006-06-29
Last Modified: 2008-02-01
Hi gang - I've got an FTP server at home (using Serv-U), and have found the past week or so that someone's been attempting to get in with the administrator account.
I don't have an "administrator" account per se, but Serv-U replies (account ok, proceed with password).

I've since locked down my only 'admin' account so that I can't browse outside of my shared folder, but I'm a bit concerned that this is happening.

The IP is coming from 61.241.112.37 which appears to be from Asia Pacific Network Information Centre.

Now my question - I used to be able to block certain IP addresses or subnets using my old Linksys router.
Now, I've got two newer ones (WRT54G & RTP300) and can't seem to locate that feature.

Any ideas?
Question by:sirbounty
5 Comments
 

Assisted Solution

by:smokey965
smokey965 earned 50 total points
ID: 17012973
I have a WRT54G.  The block IP address is in the settings.  "192.168.1.1" (Normally)  There is a firmware upgrade from www.sveasoft.com for the router which gives you more options (ex. IP Blocking) and boosts the performance of the router.  The Asian Pacific Center is probably being used as a proxy for someone else.
I would email the tech at the email below.

Asia Pacific Network Information Centre, Contact:
Phone: +61 7 3858 3100
Email: search-apnic-not-arin@apnic.net

0
 
LVL 67

Author Comment

by:sirbounty
ID: 17013318
I did recently upgrade to the latest firmware offered by Linksys - not sure about the one you posted, but I don't see a Block IP Settings that you mentioned...
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 125 total points
ID: 17016522
Does anyone here actually know what APNIC is?  They are the Asian equivalent to ARIN - the whois query below clearly indicates that APNIC has nothing to do with the problem (other than containing the IP allocation info for the host in question).  Do you call the publisher of the phone book when you have a problem with a business listed therein?  I didn't think so (especially if the business is in China).

In any case, the following query clearly indicates that the IP in question belongs to "China United Telecommunications Corporation", not the Asia Pacific Network Information Centre.  China has been known as a home to malicious hackers almost as long as the former Soviet Union.   Get used to it, block them as needed, and move on...

Cheers,
-Jon

>whois 61.241.112.37@whois.apnic.net
>[whois.apnic.net]
>% [whois.apnic.net node-1]
>% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>
>inetnum:      61.240.0.0 - 61.243.255.255
>netname:      UNICOM
>descr:        China United Telecommunications Corporation
>descr:        No.133,Taiyun Building,Xidan North Street
>descr:        Xicheng District,Beijing,China
>country:      CN
>admin-c:      UCH1-AP
>tech-c:       UCH1-AP
>mnt-by:       APNIC-HM
>mnt-lower:    MAINT-CN-CNNIC-UNICOM
>status:       ALLOCATED PORTABLE
>changed:      hm-changed@apnic.net 20041203
>source:       APNIC
>
>role:         Unicom China Hostmaster
>address:      911 Room,Xin Tong Center,No.8 Beijing Railway Station
>address:      East Avenue, Beijing,PRC.
>country:      CN
>phone:        +86-10-6527-8866
>fax-no:       +86-10-6526-0124
>e-mail:       ip_address@cnuninet.com
>admin-c:      RX9-AP
>tech-c:       RX9-AP
>nic-hdl:      UCH1-AP
>notify:       ip_address@cnuninet.com
>mnt-by:       MAINT-CN-CNNIC-UNICOM
>changed:      hostmaster@apnic.net 20010820
>source:       APNIC


0
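Added example, not part of the original thread or any poster's code: turning the inetnum range from the whois record above into the CIDR and netmask forms a firewall or router block rule usually expects, then checking that the address from the question falls inside it. The function names and the two extra test addresses are constructed for illustration.

```python
import ipaddress
import re

# whois.apnic.net fields copied from the answer above (trimmed to what is used).
WHOIS_TEXT = """\
inetnum:      61.240.0.0 - 61.243.255.255
netname:      UNICOM
descr:        China United Telecommunications Corporation
country:      CN
"""

INETNUM_RE = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def whois_to_cidrs(whois_text):
    """Return the CIDR blocks that exactly cover every inetnum range in the record."""
    cidrs = []
    for first, last in INETNUM_RE.findall(whois_text):
        start = ipaddress.IPv4Address(first)
        end = ipaddress.IPv4Address(last)
        if start > end:
            raise ValueError(f"inverted range: {first} - {last}")
        # A range that is not a single power-of-two block yields several networks.
        cidrs.extend(ipaddress.summarize_address_range(start, end))
    return cidrs


def is_blocked(addr, cidrs):
    """True if addr falls inside any block on the deny list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in cidrs)


def netmask_form(cidrs):
    """Network/netmask pairs, for devices that do not accept CIDR notation."""
    return [(str(n.network_address), str(n.netmask)) for n in cidrs]


if __name__ == "__main__":
    deny = whois_to_cidrs(WHOIS_TEXT)
    print("deny list:", [str(n) for n in deny])
    print("netmask form:", netmask_form(deny))
    # 61.241.112.37 is the source from the question; the other two are constructed.
    for src in ("61.241.112.37", "61.244.0.1", "192.168.1.10"):
        print(src, "blocked" if is_blocked(src, deny) else "allowed")
```

Blocking the whole allocation also blocks every legitimate user of that provider, so the narrower the rule that still stops the login attempts, the better.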
 
LVL 67

Author Comment

by:sirbounty
ID: 17016827
I'd love to block the entire subnet - but how?
Serv-U 'supposedly' has a feature to kick-and-ban, but it wasn't working. :(
0
 
LVL 2

Assisted Solution

by:munk33
munk33 earned 75 total points
ID: 17016964
Hi sirbounty :)

Personally I had problems finding a decent "cheap" router.

One router needed rebooting after changing rules, the other didn't but dropped connection intermittently.

If you have an old/spare box try http://www.smoothwall.org/

Smoothwall is easy to set up and easy to use. Also has decent features not found in a standard router.

(Smoothwall has an option to block IPs)
0
