Jump to content
Sign in to follow this  
dlewis23

Can't Block IP address

Recommended Posts

Just a but of info , you most likely have all this already :smile2:

TraceRoute to 58.207.176.210

Hop (ms) (ms) (ms) IP Address Host name

1 0 0 0 66.98.244.1 gphou-66-98-244-1.ev1servers.net

2 1 0 0 66.98.241.16 gphou-66-98-241-16.ev1servers.net

3 0 0 0 66.98.240.6 gphou-66-98-240-6.ev1servers.net

4 2 1 1 129.250.10.229 ge-1-13.r04.hstntx01.us.bb.gin.ntt.net

5 1 2 2 129.250.4.106 xe-4-2.r03.hstntx01.us.bb.gin.ntt.net

6 1 1 1 129.250.2.228 xe-0-1-0.r20.hstntx01.us.bb.gin.ntt.net

7 7 7 7 129.250.4.70 p64-1-3-0.r20.dllstx09.us.bb.gin.ntt.net

8 40 39 39 129.250.5.25 p64-0-1-0.r21.asbnva01.us.bb.gin.ntt.net

9 39 39 39 129.250.2.16 ae-0.r20.asbnva01.us.bb.gin.ntt.net

10 40 39 39 129.250.9.142 p16-0.dt.asbnva01.us.bb.gin.ntt.net

11 Timed out Timed out Timed out -

12 Timed out Timed out 345 217.6.25.198 -

13 376 377 378 202.112.61.17 -

14 Timed out 378 Timed out 202.112.61.193 -

15 378 Timed out Timed out 202.112.53.181 -

16 378 379 Timed out 202.112.5.242 -

17 Destination host unreachable Destination host unreachable Destination host unreachable -

18 Destination host unreachable Destination host unreachable Destination host unreachable -

19 Destination host unreachable Timed out Timed out -

20 Destination host unreachable Timed out Timed out -

Trace aborted.

Network IP address lookup:

Xwhois query for 58.207.176.210...

Results returned from whois.apnic.net:

% [whois.apnic.net node-1]

% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      58.207.176.0 - 58.207.191.255

netname:      COLXAI-CN

descr:       ~{PBR5Nq7"U92?~}-~{!0=LS}MxV1M(35!1OnD?~}-~{Nw025XGx8_P#~}

descr:       CERNET ONLINE Information Technology Ltd.

descr:       Beijing 100013, China

country:      CN

remarks:      conn-id XA002130

admin-c:      JM581-AP

tech-c:      JM581-AP

tech-c:      CER-AP

remarks:      origin AS4538

changed:      [email protected] 20060512

mnt-by:      MAINT-CERNET-AP

status:      ASSIGNED NON-PORTABLE

source:      APNIC

role:        CERNET Helpdesk

address:      Room 224, Main Building

address:      Tsinghua University

address:      Beijing 100084, China

country:      CN

phone:        +86-10-6278-4049

fax-no:      +86-10-6278-5933

e-mail:      [email protected]

trouble:      [email protected]

admin-c:      XL1-CN

tech-c:      SZ2-AP

nic-hdl:      CER-AP

remarks:      Point of Contact for admin-c

mnt-by:      MAINT-CERNET-AP

changed:      [email protected] 20010903

source:      APNIC

person:      Junfeng Ma

address:      Technology Department

address:      CERNET ONLINE Information Technology Ltd.

address:      Beijing 100013, China

country:      CN

nic-hdl:      JM581-AP

e-mail:      [email protected]

phone:       +86-10-8422-8522 ext. 8202

fax-no:      +86-10-8422-8522 ext. 8602

changed:      [email protected] 20060420

mnt-by:      MAINT-CERNET-AP

source:      APNIC

Share this post


Link to post
Share on other sites

How is he opening hundreds of connections?

I would like to know that too.

Too bad you dont have a mac #

Can you kill the prosesses, or for now lower there priority at least untill you get further?

i can't block the mac address.

if i kill the processes, its fine for 2 seconds till he opens another one.

Share this post


Link to post
Share on other sites

Wait until school is out and then do things to block him while hes not there that way you can take your time and not have him attacking while your blocking?

Or maybe its a hacking class and its practice haha. Maybe the chinese are out to kill our american websites.  :2funny:

Share this post


Link to post
Share on other sites

Wait until school is out and then do things to block him while hes not there that way you can take your time and not have him attacking while your blocking?

Or maybe its a hacking class and its practice haha. Maybe the chinese are out to kill our american websites.  :2funny:

hes been going on over 24hrs now, there is no down time with him.

Share this post


Link to post
Share on other sites

I would like to know that too.

i can't block the mac address.

if i kill the processes, its fine for 2 seconds till he opens another one.

  Once again , obviously , I'm no expert, but seems to me, he has installed  a service running ,(or several) (maybe in a code cave) on your root that monitors connections. Is it strictly TCP or UDP as well?

Share this post


Link to post
Share on other sites

  Once again , obviously , I'm no expert, but seems to me, he has installed  a service running , (maybe in a code cave) on yours that monitors connections. Is it strictly TCP or UDP as well?

its tcp over 80, he is just connecting to my website. If he installed something i would know. My logwatch would tell me that someone else connected to ssh and did this. and nothing is running that shouldn't be running.

Share this post


Link to post
Share on other sites

its tcp over 80, he is just connecting to my website. If he installed something i would know. My logwatch would tell me that someone else connected to ssh and did this. and nothing is running that shouldn't be running.

granted , then the argument is , how is he (24hrs a day) re-connecting as you kill?

Share this post


Link to post
Share on other sites

i really don't know how he is, but i'm going to have to block all of Beijing China to stop this guy.

:2funny: :2funny: :2funny:

Just sound as if there is data in/outbound, telling his prog, that there has been a loss of connection , and theres only one way that can happen. right?

Share this post


Link to post
Share on other sites

Go for it! Wait how many members do you have in china?

alot, 1/3 of my traffic is out of asia.

  Take a quick look at this prog.

  http://www.phenoelit.de/arpoc/

may be that your host is attacking you , from another machine on the intranet.

My host is not attacking me, they would so be out of business if they did.

Share this post


Link to post
Share on other sites

alot, 1/3 of my traffic is out of asia.

My host is not attacking me, they would so be out of business if they did.

no-no, I stated that incorrectly, sorry. What I should have had said was is there a possibility, there is a program running on the same internal network as you, that could be compromised, therefore able to attackyour machine?

Or maybe you dont use a place where theres more systems around you

Share this post


Link to post
Share on other sites
Sign in to follow this  

×
×
  • Create New...