Sparticus, posted January 17, 2007

Pull his keyboard. There ya go, simple easy solution. Hey, ya know the school and the room number.

mudmanc4, posted January 17, 2007

Just a bit of info, you most likely have all this already.

TraceRoute to 58.207.176.210

    Hop  (ms)                          (ms)                          (ms)                          IP Address       Host name
    1    0                             0                             0                             66.98.244.1      gphou-66-98-244-1.ev1servers.net
    2    1                             0                             0                             66.98.241.16     gphou-66-98-241-16.ev1servers.net
    3    0                             0                             0                             66.98.240.6      gphou-66-98-240-6.ev1servers.net
    4    2                             1                             1                             129.250.10.229   ge-1-13.r04.hstntx01.us.bb.gin.ntt.net
    5    1                             2                             2                             129.250.4.106    xe-4-2.r03.hstntx01.us.bb.gin.ntt.net
    6    1                             1                             1                             129.250.2.228    xe-0-1-0.r20.hstntx01.us.bb.gin.ntt.net
    7    7                             7                             7                             129.250.4.70     p64-1-3-0.r20.dllstx09.us.bb.gin.ntt.net
    8    40                            39                            39                            129.250.5.25     p64-0-1-0.r21.asbnva01.us.bb.gin.ntt.net
    9    39                            39                            39                            129.250.2.16     ae-0.r20.asbnva01.us.bb.gin.ntt.net
    10   40                            39                            39                            129.250.9.142    p16-0.dt.asbnva01.us.bb.gin.ntt.net
    11   Timed out                     Timed out                     Timed out                     -
    12   Timed out                     Timed out                     345                           217.6.25.198     -
    13   376                           377                           378                           202.112.61.17    -
    14   Timed out                     378                           Timed out                     202.112.61.193   -
    15   378                           Timed out                     Timed out                     202.112.53.181   -
    16   378                           379                           Timed out                     202.112.5.242    -
    17   Destination host unreachable  Destination host unreachable  Destination host unreachable  -
    18   Destination host unreachable  Destination host unreachable  Destination host unreachable  -
    19   Destination host unreachable  Timed out                     Timed out                     -
    20   Destination host unreachable  Timed out                     Timed out                     -
    Trace aborted.

Network IP address lookup:

Xwhois query for 58.207.176.210...
Results returned from whois.apnic.net:

    % [whois.apnic.net node-1]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 58.207.176.0 - 58.207.191.255
    netname: COLXAI-CN
    descr: ~{PBR5Nq7"U92?~}-~{!0=LS}MxV1M(35!1OnD?~}-~{Nw025XGx8_P#~}
    descr: CERNET ONLINE Information Technology Ltd.
    descr: Beijing 100013, China
    country: CN
    remarks: conn-id XA002130
    admin-c: JM581-AP
    tech-c: JM581-AP
    tech-c: CER-AP
    remarks: origin AS4538
    changed: [email protected] 20060512
    mnt-by: MAINT-CERNET-AP
    status: ASSIGNED NON-PORTABLE
    source: APNIC

    role: CERNET Helpdesk
    address: Room 224, Main Building
    address: Tsinghua University
    address: Beijing 100084, China
    country: CN
    phone: +86-10-6278-4049
    fax-no: +86-10-6278-5933
    e-mail: [email protected]
    trouble: [email protected]
    admin-c: XL1-CN
    tech-c: SZ2-AP
    nic-hdl: CER-AP
    remarks: Point of Contact for admin-c
    mnt-by: MAINT-CERNET-AP
    changed: [email protected] 20010903
    source: APNIC

    person: Junfeng Ma
    address: Technology Department
    address: CERNET ONLINE Information Technology Ltd.
    address: Beijing 100013, China
    country: CN
    nic-hdl: JM581-AP
    e-mail: [email protected]
    phone: +86-10-8422-8522 ext. 8202
    fax-no: +86-10-8422-8522 ext. 8602
    changed: [email protected] 20060420
    mnt-by: MAINT-CERNET-AP
    source: APNIC

Sparticus, posted January 17, 2007

Hey dlewis, email the abuse address haha

dlewis23 (Author), posted January 17, 2007

> Hey dlewis, email the abuse address haha

Yea, that will stop him.

dlewis23 (Author), posted January 17, 2007

AH!!!! They keep doing this to me.... :tickedoff:

Sparticus, posted January 17, 2007

Do you think they are doing it on purpose?

mudmanc4, posted January 17, 2007

What the hell is running? Can you tell?

dlewis23 (Author), posted January 17, 2007

> Do you think they are doing it on purpose?

Yes, there is no way it could not be done on purpose.

dlewis23 (Author), posted January 17, 2007

> What the hell is running? Can you tell?

He is just opening 100's of connections.

mudmanc4, posted January 17, 2007

> He is just opening 100's of connections.

And this causes CPU overload? How's that? There's gotta be something running, doesn't there?

dlewis23 (Author), posted January 17, 2007

> And this causes CPU overload? How's that? There's gotta be something running, doesn't there?

The more connections that are open, the more processes that are running, the more the CPU is used. And he is using a lot of RAM too.

Sparticus, posted January 17, 2007

How is he opening hundreds of connections?

mudmanc4, posted January 17, 2007

> The more connections that are open, the more processes that are running, the more the CPU is used.

Too bad you don't have a MAC #. Can you kill the processes, or for now lower their priority at least until you get further?

dlewis23 (Author), posted January 17, 2007

> How is he opening hundreds of connections?

I would like to know that too.

> Too bad you don't have a MAC #. Can you kill the processes, or for now lower their priority at least until you get further?

I can't block the MAC address. If I kill the processes, it's fine for 2 seconds till he opens another one.

Ryan314, posted January 17, 2007

Wait until school is out and then do things to block him while he's not there, that way you can take your time and not have him attacking while you're blocking? Or maybe it's a hacking class and it's practice haha. Maybe the Chinese are out to kill our American websites.

dlewis23 (Author), posted January 17, 2007

> Wait until school is out and then do things to block him while he's not there, that way you can take your time and not have him attacking while you're blocking? Or maybe it's a hacking class and it's practice haha. Maybe the Chinese are out to kill our American websites.

He's been going on over 24hrs now, there is no down time with him.

mudmanc4, posted January 17, 2007

> I would like to know that too. I can't block the MAC address. If I kill the processes, it's fine for 2 seconds till he opens another one.

Once again, obviously, I'm no expert, but seems to me he has installed a service running (or several) (maybe in a code cave) on your root that monitors connections. Is it strictly TCP or UDP as well?

dlewis23 (Author), posted January 17, 2007

> Once again, obviously, I'm no expert, but seems to me he has installed a service running (maybe in a code cave) on yours that monitors connections. Is it strictly TCP or UDP as well?

It's TCP over 80, he is just connecting to my website. If he installed something I would know. My logwatch would tell me that someone else connected to ssh and did this. And nothing is running that shouldn't be running.

mudmanc4, posted January 17, 2007

> It's TCP over 80, he is just connecting to my website. If he installed something I would know. My logwatch would tell me that someone else connected to ssh and did this. And nothing is running that shouldn't be running.

Granted, then the argument is, how is he (24hrs a day) re-connecting as you kill?

dlewis23 (Author), posted January 17, 2007

> Granted, then the argument is, how is he (24hrs a day) re-connecting as you kill?

I really don't know how he is, but I'm going to have to block all of Beijing, China to stop this guy.

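Added example, not part of the thread and not any poster's code: a Python illustration of the triage discussed above, counting port-80 connections per remote address from netstat-style output and collapsing the inetnum range from the whois reply into CIDR form, which is a far narrower block than all of Beijing. The sample connection lines, the 192.0.2.10 and 203.0.113.7 addresses, the threshold and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -ant`-style sample (not from the thread). 192.0.2.10 and
# 203.0.113.7 are documentation addresses; 58.207.176.210 is the traced host.
SAMPLE = "\n".join(
    ["tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN",
     "tcp 0 0 192.0.2.10:22 203.0.113.7:50000 ESTABLISHED",
     "tcp 0 0 192.0.2.10:80 203.0.113.7:50001 ESTABLISHED"]
    + [f"tcp 0 0 192.0.2.10:80 58.207.176.210:{41000 + i} ESTABLISHED"
       for i in range(5)]
)
INETNUM = "58.207.176.0 - 58.207.191.255"  # inetnum line from the whois reply


def connections_per_peer(netstat_text, local_port=80):
    """Count TCP connections to local_port, grouped by remote address."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] == "LISTEN":
            continue
        if f[3].rsplit(":", 1)[-1] != str(local_port):
            continue  # connection to some other local service, e.g. ssh
        counts[f[4].rsplit(":", 1)[0]] += 1
    return counts


def range_to_cidrs(inetnum):
    """Turn a whois 'first - last' range into the minimal list of CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def block_candidates(netstat_text, inetnum, threshold):
    """Peers at or above threshold, with the allocation block that covers them."""
    cidrs = [ipaddress.ip_network(c) for c in range_to_cidrs(inetnum)]
    out = {}
    for peer, n in connections_per_peer(netstat_text).items():
        if n >= threshold:
            addr = ipaddress.ip_address(peer)
            out[peer] = (n, next((str(c) for c in cidrs if addr in c), None))
    return out


if __name__ == "__main__":
    for peer, (n, cidr) in block_candidates(SAMPLE, INETNUM, threshold=5).items():
        print(f"{peer}: {n} connections to port 80, allocation {cidr}")
```

With a third of the site's traffic coming from Asia, as the author says later in the thread, the single address or the one allocation block is the unit to rate-limit or drop, not a country.
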
mudmanc4, posted January 17, 2007

> I really don't know how he is, but I'm going to have to block all of Beijing, China to stop this guy.

:2funny: Just sounds as if there is data in/outbound, telling his prog that there has been a loss of connection, and there's only one way that can happen. Right?

Sparticus, posted January 17, 2007

> I really don't know how he is, but I'm going to have to block all of Beijing, China to stop this guy.

Go for it! Wait, how many members do you have in China?

mudmanc4, posted January 17, 2007

Take a quick look at this prog: http://www.phenoelit.de/arpoc/

May be that your host is attacking you, from another machine on the intranet.

dlewis23 (Author), posted January 17, 2007

> Go for it! Wait, how many members do you have in China?

A lot, 1/3 of my traffic is out of Asia.

> Take a quick look at this prog: http://www.phenoelit.de/arpoc/ May be that your host is attacking you, from another machine on the intranet.

My host is not attacking me, they would so be out of business if they did.

mudmanc4, posted January 17, 2007

> A lot, 1/3 of my traffic is out of Asia. My host is not attacking me, they would so be out of business if they did.

No-no, I stated that incorrectly, sorry. What I should have said was, is there a possibility there is a program running on the same internal network as you, that could be compromised, therefore able to attack your machine? Or maybe you don't use a place where there's more systems around you.