05-16-2010 10:27 AM
Hi Tomas01
FWIW
re> The port said 12200 as the target.
Same for me...always 12200
Source address: 1XX.2XX.3XX.4X (different IPs)
Traffic description: TCP, Port 12200 (same)
No Action Required (same)
Medium Severity (same)
Interested to read your reply from Symantec
Thanks
05-16-2010 05:32 PM
It said something to the effect that my ISP is allowing access to those IP addresses on my network, and that is the reason those IP addresses are trying to access my computer. They are being blocked and are nothing to worry about. I will try to email my ISP again and see what they say. Still so many probes. Every once in a while they try to get through and pop up a warning about it. I am trying something that was posted in here about using rules to block a certain IP address or whatever; I created two of them for two different ones. Is there any way to trace it back to who is doing it? I mean through what web site or what? I had heard of something like traceroute, I think. I wonder if it would work.
05-16-2010 08:02 PM
This type of traffic is everywhere on the internet and there is not much you can do except block it. That is what firewalls are for, and that is all you need. If you research the topic on Google you will note that portscans from China using this port number (and many others) have been a constant on the internet for years. Port 12200 is associated with Tenebril's GhostSurf, which is a web anonymizer, and many compromised systems will look for open proxy servers on this port. That explains one reason why this port shows up so frequently in firewall logs.
If you go on the internet you are going to be exposed to lots of unsolicited traffic because that is the nature of the internet. Firewalls protect you. It's like a flu inoculation: A flu shot will not stop the virus from circulating everywhere around you, but it will prevent the virus from entering your cells and infecting you.
A good brief discussion of this internet background noise, as it is called, and the need to be behind some sort of firewall can be found here:
http://ask-leo.com/what_are_these_access_attempts_
05-18-2010 03:52 AM
I made a rule to block the address with the port 12200 to see if that makes a difference. I will look into the link below. If it is just noise, why are some of us getting intrusion alerts for medium? Is there some safe way of running a test to see if my ports are okay?
I have broadband cable through my ISP (cable modem, then connected to the computer). Mine is not wireless also. I have Vista 64 on my system.
05-18-2010 03:55 AM
There was something else: do you have broadband as well? I also have Vista 64. I will try to find something that will look at my ports to see if everything is okay; waiting for a reply. Are you still getting them now? How many?
05-21-2010 07:10 AM
*YAWN*
Thu, 2010-05-20 03:18:40 - Router start up
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8088 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8089 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,7212 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3124 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8090 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3128 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3246 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8085 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2479 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8088 - [DOS]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:52 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Fri, 2010-05-21 12:25:52 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,9090 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,7212 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3124 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8090 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,3128 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,9415 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,1080 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8085 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,8000 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166 Destination:xx.xx.xx.xx - [PORT SCAN]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:125.45.109.166,12200 Destination:xx.xx.xx.xx,2301 - [DOS]
Fri, 2010-05-21 13:59:45 - Administrator login successful - IP:
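Added example, not part of any post in this thread: a small Python summarizer for router logs in the format posted above, which groups packets per source, counts bursts and distinct destination ports, and notes whether one source port is reused across all probes. The sample lines are constructed with documentation addresses, and the `PROXY_PORTS` set, `burst_gap` and `min_ports` thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the router log format posted above. 203.0.113.7 and
# 198.51.100.9 are documentation addresses, not hosts from this thread.
SAMPLE_LOG = """\
Thu, 2010-05-20 03:18:40 - Router start up
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:203.0.113.7,12200 Destination:xx.xx.xx.xx,8088 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:203.0.113.7,12200 Destination:xx.xx.xx.xx,6588 - [DOS]
Thu, 2010-05-20 19:54:25 - TCP Packet - Source:203.0.113.7 Destination:xx.xx.xx.xx - [PORT SCAN]
Thu, 2010-05-20 19:54:26 - TCP Packet - Source:203.0.113.7,12200 Destination:xx.xx.xx.xx,3128 - [DOS]
Fri, 2010-05-21 12:25:53 - TCP Packet - Source:203.0.113.7,12200 Destination:xx.xx.xx.xx,1080 - [DOS]
Fri, 2010-05-21 12:40:10 - TCP Packet - Source:198.51.100.9,51514 Destination:xx.xx.xx.xx,443 - [DOS]
"""
LINE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - TCP Packet - "
    r"Source:(?P<src>[\d.]+)(?:,(?P<sport>\d+))? "
    r"Destination:[^,\s]+(?:,(?P<dport>\d+))? - \[(?P<tag>[^\]]+)\]$")
# Ports commonly used by proxy software (illustrative, not exhaustive).
PROXY_PORTS = {1080, 3128, 6588, 8080}

def summarize(log_text, burst_gap=5, min_ports=3):
    """Per source: burst count, destination ports probed, sweep verdict."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        # The router's [PORT SCAN] summary lines carry no ports; skip them.
        if m and m["sport"] and m["dport"]:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["src"]].append((ts, int(m["sport"]), int(m["dport"])))
    report = {}
    for src, evs in events.items():
        evs.sort()
        # A new burst starts when the gap to the previous packet exceeds burst_gap.
        bursts = 1 + sum((b[0] - a[0]).total_seconds() > burst_gap
                         for a, b in zip(evs, evs[1:]))
        sports, dports = {e[1] for e in evs}, {e[2] for e in evs}
        # One reused source port suggests a scanning tool, not ephemeral allocation.
        fixed = min(sports) if len(sports) == 1 and len(evs) > 1 else None
        report[src] = {"bursts": bursts, "dest_ports": sorted(dports),
                       "proxy_ports": sorted(dports & PROXY_PORTS),
                       "fixed_source_port": fixed,
                       "sweep": len(dports) >= min_ports}
    return report

for src, info in summarize(SAMPLE_LOG).items():
    print(src, info)
```

A source flagged as a sweep with a fixed source port and several proxy ports in its list matches the open-proxy probing described earlier in the thread; the single packet from the second sample address is not flagged.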
05-21-2010 07:54 AM - last edited on 05-21-2010 08:03 AM
Hello gabranth
That IP is from China
More information about that IP can be found here
http://www.ip-adress.com/ip_tracer/125.45.109.166
That IP seems to be getting around also.
Success always occurs in private and failure in full view.
05-21-2010 09:02 AM
Yep, says it's from China at the top of Google results, and saw this thread and thought I should post what I've been getting from it.
05-21-2010 08:34 PM
How many of you are online RP games players? I think I asked that question before but it was missed.
05-21-2010 09:17 PM - last edited on 05-21-2010 09:31 PM
@ delphinium
re > How many of you are online RP games players?
"Not me"...