• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos1

HELP! Someone Is trying To Hack Into My Computer!

Ok, Ive gotten the usual "A recent attempt to attack your computer was blocked" warnings like everyone else probably has especially when I first bought my computer and signed on everyday. But just in the last week or so Ive been getting this warning a minimum of 20 / 25 times a day from the same I.P addresss. The person is from China and is trying to do a portscan. Thank God for Nortons they're not succeeding obviously but they're so relentless Im afraid they'll figure out a way. My questions are 1. Can I report the continuos attempts to somebody , is there anyplace online where you can report someone trying to hack into your computer? 2. Am I completely safe with Nortons or will this person ever have a chance to break through?  and 3. I went into my Nortons security today to try and see if it logged the I.P address anywhere so I could report them but instead found something that allows you to enter I.P addresses of computers you want to restrict any access to your computer, which I'll definitely use after I find out what his I.P is again. After I add this persons I.P address to that list what exactly if anything EXTRA will this do to keep this person from breaking through?

Also, since this started I have been having alot of problems with my computer  like it not connecting to the internet.  I'll be connected and can play downloaded programs but if I try and search the internet it will say Im not connected.  Also the poker programs I use have been acting funny.  I've been having a hard time logging into most of them when I never had problems before.  I'll usually get some kind of warning saying im not connected and  not until after numerous attempts Ill finally get in. And the weirdest thing thats happened since this started was I walked away from my computer to come back and see an Internet Explorer warning box that had popped up on its own saying something like " You have been logged off of chat because you logged on from another computer".  I have no idea where this warning came from or what it was talking about because I dont chat online at all on any sites or servers. So something is definitely going on.

I wish I had the guys I.P address now so I could put it up in this post but I didnt write it down and save it, I just wrote it down yesterday to check it on a I.P locator but forgot to save it. The guy does it atleast 10 or 20 times a day so Im just waiting today for it to happen again so I can get his I.P address and write it down save it and add it to the restricted compter list in Nortons. When I get it Ill come back and post it here so maybe you guys can tell me something about the user.

If anybody has the answers to my 3 main questions .. Please HELP

Replies

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

FWIW

I've recently (last few days) experienced persistent Portscans from the same IP in China...may be the same IP as with your experience.   Do you wish to compare IP's  ... your History logs should have the IP info and record of Intrusion Attempt.  I have not noticed any issues with my box. 

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Sure I wish I could get the exact I.P and post it but I actually didnt get a warning today  like I have been every single day.  I wonder if he somehow  knows Im posting about it, its a lil weird that the only day I didnt get an attack was the day I started posting about it online.  I remember there was a 166 in it. Where are these history logs? I couldnt find anything like that in the Norton Security.

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

@ iitsLexiis

iitsLexiis wrote > Where are these history logs? I couldn't find anything like that in the Norton Security.

Which Norton product & version are you running...NIS, NAV, NSS ?   If you're running NIS ~ click on History from the user interface...

iitsLexiis wrote > "A recent attempt to attack your computer was blocked"

IMO the intrusion attempts were blocked so you are protected with regard to those attempts...

Please post the Intrusion Attempt log information you are concerned about... to verify what is occuring.

Regarding your browser & connectivity issues... hopefully those will be addressed by the Community

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Ive got NIS 2005 version I didnt see anything that said history but I found the logs under a link that said statistics. The I.P of the guy who was doing it is

125.45.109.166  (122000) and he attacked ports 9000 9090 6588 if that means something (Im not tech savvy at all) protocol TCB

He started on the 27th and since the day I posted this on here on the 4th I had 3 more attacks with the last one ending at 1:13 p.m 2 hours before I posted this, since then I havent gotten any more attacks and my computers been acting normal again. I just added his I.P to the restricted zone in my personal firewall, I guess that will stop all portscans from him permanently. Thnx bjm let me know if thats the same I.P

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Hello iitsLexiis

If you put that IP into Google, you will find many listings for that ip. I didn't look at any of the listings since the sites were unfamiliar to me, but they didn't sound too good. Here is just one of the names of the topics that came up.

125.45.109.166 is listed in bl.nszones.com and four other blacklists

I saw sites that list it as a poker site and doing port scans. I suppose complaining to the ISP of this person probably won't do much good.

Success always occurs in private and failure in full view.
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Do you play any Online games like Asheron's Call or similar?

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

NIS 2005? I think that might be a little outdated? I think you need to upgrade to the current version NIS 2010, I'm not sure that version will still be protected.
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!


reactivate wrote:
NIS 2005? I think that might be a little outdated? I think you need to upgrade to the current version NIS 2010, I'm not sure that version will still be protected.

Good advice to update to NIS 2010 as it is much improved over 2005. This would normally require a purchase of NIS2010 as there is not a free upgrade path from 2005. However, may get some assistance by contacting Customer Support here and asking if they can upgrade.

http://www.symantec.com/norton/support/contact/contact.jsp?pvid=cs

It would be a good idea to check the current PC specification against the system requirements for NIS2010. These can be found here

http://www.symantec.com/norton/internet-security

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Also Note: If you decide to update, use the Norton removal tool to remove your Norton Product properly from your computer, as Norton 2010 will use a different engine. You should run it two or three times, restarting your computer after each run, then it will be o.k to install NIS 2010, or if you prefer Norton 360 v4
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

@ iitsLexiis

iitsLexiis wrote > bjm let me know if thats the same I.P

Yes.... same IP ,  reverse IP lookup ~ China , same time period

So, "he" as you describe the Intrusion Attempt is not only after you..."he" is also probing my box...

"he" and "they" are always trying to find a hole to crawl through... hence the need for Firewalls and Norton ~ IMO

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos1

Re: HELP! Someone Is trying To Hack Into My Computer!

For infor, some online games persistently try to reconnect after you have signed off.  TCP is a directed communication attempt rather than a UDP general broadcast.  It could be that prior infections have used those ports, or that they have been used for self-generated forms of communication.  That should be checked for your own piece of mind.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

@ delphinium

When you write > That should be checked for your own piece of mind.

Do you mean here with the Norton Community or with a malware remediation site ? Or ?

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

To delphinium & the Community

re > It could be that prior infections have used those ports, or that they have been used for self-generated forms of communication.  That should be checked for your own piece of mind.

What is / are self-generated forms of communication.

How may I check (as you suggest) if the ports were used by prior infections or for self-generated forms of communication.  What might I do now to satify my own piece of mind with regard to Intrusion Attempts that Norton reports as Blocked and with no hint that manual intervention is required?

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Hi,

Checked on Whois, I quickly browsed over what everyone had posted here and didn't see anyone mentioning this. I have attached the info as a text document. there is a bit more info - you can put that IP address into http://cqcounter.com/whois/ if you want it.

A quick google search of "UNICOM-HA" (check attachment) brings up quite a few "shady" links - spam, malware and pharmaceutical.

Anyway, just some infor for you :-) However, Norton is protecting you from the attacks:-) Might be that all the guys being probed have some software in common? maybe try uploading and comparing HiJackThis reports? Maybe we can find something in common :-)

And definitely update to 2010!!

Matt

File Attachment: 
"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Hi mattsegers

thanks for your info and interest...

I did use 'whois' ... so, I knew as much as whois offered...

delphinium offered that TCP traffic suggests something more than just UDP traffic ...unsure what to do with that info.

I don't know if my activity or my apps are in any way causal to these intrusion attempts & Norton's Recommended Action is always No Action Required...so, the OP has / had concerns as I do...?

thanks for your interest

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

thnx everybody... since i added that I.P to my Nortons firewall block list i havent been having any problems at all with it plus i changed my block time afterwards from when i get attacked from anyone from 30 mins where it was at to 48 hours... i didnt have any problems at all with my internet connections or log ons to poker programs for about a day or 2 after i blocked that I.P but now im still have problems logging on to 2 of them and sometimes still have problems with websites saying im not connected.... the warning is always something about either not being connected to the internet when i obvioulsy am or it'll say something about checking my firewall... this is a new problem that only started on the same day the hacking problem started from that I.P...  i do eventually get into the poker sites or end up on the webpage but not until after clearing my cache minutes after minutes... so i dont know if theres just something wrong with my computer or if something else thats related to my firewall is going on... because everything was fine until the hacking attempts

im not tech savvy at all as you can tell i havent even updated my nortons since i bought the computer 5 years ago and i didnt know until i went looking around in my security options in my Windows control panel that the defualt setting for the Windows firewall was turned OFF with the word (recommended) next to it... that doesnt make any sense why OFF would be the default setting and they actually had that as recommended... i guess i always thoughtt the Nortons Security firewall was enough but i turned the Windows firewall on anyway just in case... is that ok to have 2 firewalls running at the same time?... one wont cancel the other one out will it or effect it?

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!


iitsLexiis wrote:
 i guess i always thoughtt the Nortons Security firewall was enough but i turned the Windows firewall on anyway just in case... is that ok to have 2 firewalls running at the same time?... one wont cancel the other one out will it or effect it?{/b]

Hi iitsLexiis

You cannot run both firewalls together as it will give problems. You should turn the Windows Firewall off.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

my connection is bad now its taking me a minute to edit and reply

[MDTRUNER] so i shouldnt ? ok thnx ill turn windows off then

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

my connection is bad now its taking me a minute to edit and reply [MDTRUNER] so i shouldnt ? ok thnx ill turn windows off then
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

ok i was in the middle of trying to load this page in my main browser and it wouldnt load was taking over 3 or 4 minutes ( because it wont let me edit in my Opera browser the one thats still active now) and as soon as i turned the Windows firewall off i lost the connection to it totally .. i get this

The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. -------------------------------------------------------------------------------- Please try the following: Click the Refresh button, or try again later. If you typed the page address in the Address bar, make sure that it is spelled correctly. To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP). See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting). Click the Tools menu, and then click Internet Options. On the Connections tab, click LAN Settings. Select Automatically detect settings, and then click OK. Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed. If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0. Click the Back button to try another link. Cannot find server or DNS Error Internet Explorer

I noticed once i had the Windows firewall on I was having a LIL less problems with connections and as soon as i turned it off like [MDTRUNER] suggested i have connection problems again.... but you say NOT TO run both firewalls? what exactly happens when you run 2 firewalls at the same time?

(FOR SOME REASON WHEN I POST MY REPLIES IN MY OPERA BROWSER IT DOESNT FORMAT IT IN THE PARAGRAPHS I WRITE IT IN ... IT JUST BUNCHES ALL THE WORDS TOGETHER PLUS IT WONT ALLOW ME TO EDIT IT THERE.. SO I HAVE TO COME BACK TO MY MAIN BROWSER WHERE ITS TAKING OVER 3 OR 4 MINUTES TO FINALLY LOAD SO I CAN FORMAT IT LIKE I POSTED IT)

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

This article from Microsoft explains firewalls and has the question about 2 firewalls answered.

http://www.microsoft.com/security/firewalls/faq.aspx

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

[BJM]

 

QOUTE: "@ iitsLexiis

iitsLexiis wrote > bjm let me know if thats the same I.P

 

Yes.... same IP ,  reverse IP lookup ~ China , same time period

So, "he" as you describe the Intrusion Attempt is not only after you..."he" is also probing my box...

 

"he" and "they" are always trying to find a hole to crawl through... hence the need for Firewalls and Norton ~ IMO"

 

yea when you said you thought you were having the same problems with the same I.P i started thinking its probably a group of ppl....  so are you still having problems or did you block them?

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

ugh!! my computer is getting on my nerves right now its taking over 4 or 5 minutes just to reply to a post i dont usually have this problem... i came on to reply to everyones posts but cant... ill try later on

Kudos1

Re: HELP! Someone Is trying To Hack Into My Computer!

Hi iitsLexiis,

I am also currently experiencing slow page load times at the Norton site.  There is still a lot of tinkering going on here behind the scenes and occassional odd behaviors crop up from time to time.  I sometimes use Opera on a Mac and have had issues similar to what you describe:  horrendously slow page loading, text editor issues and other scripting errors.  Are you able to visit other sites without these sorts of problems?  Can you use this site with Internet Explorer or Firefox?

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!


reactivate wrote:
Also Note: If you decide to update, use the Norton removal tool to remove your Norton Product properly from your computer, as Norton 2010 will use a different engine. You should run it two or three times, restarting your computer after each run, then it will be o.k to install NIS 2010, or if you prefer Norton 360 v4

This raises a question I always wondered about.  If you run the Norton removal tool, won't you be vulnerable to any virus or hacking attempt until you get the new version installed? I think if I knew that I were subject to frequent attacks from a Chinese site, I'd be worried about even having a few minutes of total vulnerability.

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!


randysea wrote:

This raises a question I always wondered about.  If you run the Norton removal tool, won't you be vulnerable to any virus or hacking attempt until you get the new version installed? I think if I knew that I were subject to frequent attacks from a Chinese site, I'd be worried about even having a few minutes of total vulnerability.


HI randysea

You would indeed be vulnerable if you stayed connected to the internet with a firewall disabled. If you look closely at posts where advice has been given to use the Norton Removal Tool it has also been strongly advised that users should disconnect from the internet until their product is installed/reinstalled and/or enable the Windows Firewall which would subsequently be disabled once the Norton install was completed.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Hello iitsLexiis

iitsLexiis wrote > yea when you said you thought you were having the same problems with the same I.P i started thinking its probably a group of ppl....  so are you still having problems or did you block them?

I did not block "them" ~ IP / Port > Please see this Topic

http://community.norton.com/t5/Norton-Internet-Security-Norton/Attacking-Computer-Intrusion-Protection/td-p/125892

Source address:  122.227.164.96 (different IP)

Traffic description:  TCP, Port 12200 (same)

No Action Required   (same)

Medium Severity    (same)

Floating_Red offered info > How to Block the Port Number & dbrisendine offered info > The rule that Floating_Red had you make will only block the IP address listed.  You are protected by NIS2009 automatically (as indicated in the history logs) so you should not anything to worry about.  You can not stop the outside source from scanning your system; the rule will stop the logging if that is what was bothering you.  All portscan probes were blocked.  You are secure.

I considered creating a rule...then just followed info from dbrisendine.  

delphinium (this thread) offered > TCP is a directed communication attempt rather than a UDP general broadcast.  It could be that prior infections have used those ports, or that they have been used for self-generated forms of communication.  That should be checked for your own piece of mind.

Maybe, I should re-think ?  IDK   at this time IDK ~ how to act on delphinium advice > That should be checked for your own piece of mind.


NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!


mdturner wrote:

HI randysea

You would indeed be vulnerable if you stayed connected to the internet with a firewall disabled. If you look closely at posts where advice has been given to use the Norton Removal Tool it has also been strongly advised that users should disconnect from the internet until their product is installed/reinstalled and/or enable the Windows Firewall which would subsequently be disabled once the Norton install was completed.


What you say makes sense. Turning on Windows firewall is a particularly good idea. It had not occurred to me.  However, I don't think the advice about disconnecting is given as often as you think. In this thread, for example, it was not given.

Possibly even worse, Symantec itself may fail to give that advice. A few weeks ago one of my machines started up with a message that intrusion protection had failed to load. I was directed to run the Norton Removal Tool and reinstall NIS. There was no mention of disconnecting from the Internet. Now, I can't say for sure if the tool itself might have given me that warning. Before I went through the annoyance of removal and reinstallation, I did the more obvious thing. I rebooted. This time NIS started up normally, and there have been no problems since.

I can see another bad scenario. If I remember correctly, this thread started with someone using Norton 2005. Supposing he had run the removal tool, for whatever reason, including disconnecting from the internet. At some point in the reinstallation he would have to reconnect. For however long it took, his protection (signatures and program files) would be five years out of date. Even if he was upgrading to NIS 2010, the installation files would be up to a year out of date and thus he'd still have a window of vulnerability. For most people, this window of a few minutes would be a very low risk. But for someone who is regularly being attacked, it is a much higher risk.

Seems like the Norton installation routines should have a test for an inadequately protected computer. Then it should close all internet traffic during installation, except for brief openings limited to Symantec validation and update downloads.

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

I too have had many port scans as well.  Some of them has been even medium: ((intrusion attack blocked )) then ip address  same as yours.  There should be some kind of extra protection or a way to scan your ports in norton to see what is going on.  I've had more then 15 in last 4 hours alone. I've emailed norton on this to find out what the heck is going on.  The port said 12200 as the target.

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Hi Tomas01

FWIW

re> The port said 12200 as the target.

Same for me...always 12200

Source address:  1XX.2XX.3XX.4X (different IP's)

Traffic description:  TCP, Port 12200 (same)

No Action Required   (same)

Medium Severity    (same)

Interested to read your reply from Symantec

Thanks

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

It said something to that my isp is allowing access to those ip address on my network, and that is the reason those ip addresses are trying to access my computer.  They are being blocked and nothing to worry about. I will try to email my isp again and see what they say.  Still  so many probes.  Every once in a while they try to get thru and pop up a warning about it.  I am trying something that was posted in here about using rules to block a certain ip address or what ever,  I created two of them for two different ones.  Is there any way to trace it back to whom is doing it.  I mean thru what web site or what?  I had heard something like trace route I think I wounder if it would work.

Kudos2

Re: HELP! Someone Is trying To Hack Into My Computer!

This type of traffic is everywhere on the internet and there is not much you can do except block it.  That is what firewalls are for, and that is all you need.  If you research the topic on Google you will note that portscans from China using this port number (and many others) have been a constant on the internet for years.  Port 12200 is associated with Tenebril's GhostSurf, which is a web anonymizer, and many compromised systems will look for open proxy servers on this port.  That explains one reason why this port shows up so frequently in firewall logs.

If you go on the internet you are going to be exposed to lots of unsolicited traffic because that is the nature of the internet.  Firewalls protect you.  It's like a flu inoculation:  A flu shot will not stop the virus from circulating everywhere around you, but it will prevent the virus from entering your cells and infecting you. 

A good brief discussion of this internet background noise, as it is called, and the need to be behind some sort of firewall can be found here:

http://ask-leo.com/what_are_these_access_attempts_in_my_router_log.html

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

I made a rule to block the address with the port 12200 to see if that makes a difference.  I will look into the link below, if it is just noise why are some of us getting intrusion alerts for medium?  Is there some safe way of running a test to see if my ports are okay? 

I have broadband cable thru my isp.  (cable modem then connected to the computer).  Mine is not wireless also.  I  have vista 64 on my sys.

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

there was something else , do you have broadband as well?  I also have vista 64.  I will try to find something that will look at my ports to see if everything is okay,  waiting for a reply.  Are you still getting them now? how many?

Kudos1

Re: HELP! Someone Is trying To Hack Into My Computer!

*YAWN*

Thu, 2010-05-20 03:18:40 - Router start up
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8088 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8089 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,7212 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3124 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8090 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3128 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3246 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8085 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2479 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8088 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:52 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Fri, 2010-05-21 12:25:52 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,9090 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,7212 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3124 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8090 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3128 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,9415 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,1080 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8085 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8000 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Fri, 2010-05-21 13:59:45 - Administrator login successful - IP:

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Hello gabranth

That IP is from China

More information about that IP can be found here

http://www.ip-adress.com/ip_tracer/125.45.109.166

            

That IP seems to be getting around also.

Success always occurs in private and failure in full view.
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

yep says its from china at the top of google results and saw this thread and though i should post what ive been getting from it

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

How many of you are online RP games players?  I think I asked that question before but it was missed.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

@ delphinium

re > How many of you are online RP games players?

"Not me"...

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Not me. sorry my internet has been down due to service.

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!


gabranth wrote:

Thu, 2010-05-20 03:18:40 - Router start up
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8088 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8089 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,7212 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3124 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8090 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3128 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3246 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8085 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2479 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8088 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:52 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Fri, 2010-05-21 12:25:52 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,9090 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Fri, 2010-05-21 13:59:45 - Administrator login successful - IP:


That is the same one that last scanned my ports!

I have been getting a lot of scans (who knows for how long as I used to only rely on Windows Firewall and just recently decided to try something better..

Scans from:

222.45.112.59

62.204.141.137

62.106.104.39

216.207.205.99

222.236.46.141

208.43.155.126

72.9.105.26

222.186.30.249

125.45.109.166

Scanning verious ports such as:

1080

2479

2881, 2883, 2886,  and 2890

3128

3246

4000-4002,
4004,
4008-4010,
4012-4014,
4016,
4032-4034,
4036,
4052-4054,
4056-4058,
4060,
4072-4074,
4076-4078,
4080-4082,
4084,
4096-4098,
4100-4102,
4104,
4120-4122,
4124-4126,
4128,
4140-4142,
and 4144

6588

7212

8000

8080

8085

8090

9000

9090

9415

10080

______________________________________________________Newbie who the more I learn the more paranoid I get.. it seems.
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

kabo0m -

What security product are you using now?  What did you use to log these scans?

Win7 x32 SP1
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!


dbrisendine wrote:

kabo0m -

What security product are you using now?  What did you use to log these scans?


Sygate

______________________________________________________Newbie who the more I learn the more paranoid I get.. it seems.
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Hi kabo0m

wrote:  Sygate

Please see > Sygate Personal Firewall has been replaced by an advanced "Smart Firewall," available in Symantec’s Norton Internet Security.   > http://www.symantec.com/norton/sygate/index.jsp

How old is your Sygate > quote: On October 10, 2005 Symantec Corporation acquired Sygate Technologies (Symantec Press Release).

Welcome to the Community

NIS21.6 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Mine is the free version.. but I will look into it as I need something better. I am not sure if this is alerting me or actually blocking anything..

That IP scanned my ports again today:

125.45.109.166

Somebody is scanning your computer.
 Your computer's TCP ports:
 8888, 808, 50050,  and 2301 have been scanned from 125.45.109.166..

I did a search and realized I was not alone with getting scanned by this IP

http://www.ipillion.com/?ip=125.45.109.166,1

______________________________________________________Newbie who the more I learn the more paranoid I get.. it seems.
Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Been gone for a while.  just checked it.  I used norton 360, which shows it popping up intrusion has been blocked.      Will keep track of whats going on.  Is anyone also having scans = 0 every once in a while on cookies and viruses?? Just curious.  Yeah and to Kaboom I am also curious to what you are using?  I like the port scan and alert from norton,  but would like to know why so much? Will let you know how things are going and how many from diff addresses.

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Mon, 2010-06-21 05:52:42 - TCP Packet - Source:125.45.109.166,12200 Destination:88.x.x.x,8000 - [DOS]

Mon, 2010-06-21 05:52:42 - TCP Packet - Source:125.45.109.166,12200 Destination:88.x.x.x,553 - [DOS]

Mon, 2010-06-21 05:52:42 - TCP Packet - Source:125.45.109.166 Destination:88.x.x.x - [PORT SCAN]

botnets now scanning 553,8000 this is so much fun :)

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Tomas01-

do you mean quick scans that show 0 objects scanned and run for 2 or 3 seconds?

Kudos0

Re: HELP! Someone Is trying To Hack Into My Computer!

Here is an update to mine .

I block 221. 192,  guess what i'm getting in norton history logs??  rule block the address inbound tcp connection. 

Okay except a couple of them are saying blocked com process name is c:progam files (x86) norton 360 engine ccsvchst.exe and the other is ie explorer every so often.  Should I cancel this rule??

Replies are locked for this thread.