Goodnight, China

It seems someone in China really wants to use my computer. Bless their poor, confused, evil little communist hearts…

I thought the commies were proud of their education systems, making sure that every little commie knows that Americans own things!

Anyway, when I turn off my computer, the best of you better protect your ports 1026 and 1027.

Hmm – I wonder if I smell a Vista hack.

(And in the time it took to write this post, another 1500 attempts; I’m betting that we’ll be seeing complaints of warping and lagginess and “my internet connection is fine” in the logs tomorrow)


21 Comments

I get lots of probes daily from China or Asia Pacific. I’ve blocked just about all of the major port ranges for ftp, telnet, ssh, etc.

Changed the rules. My machines have to initiate the contact first.

I did read that M$ has sold over 40 million copies of Vista. Guess that means that there are at least 40 Million potential PC’s ready to be turned into zombies.

I remember a quote from bash.org which basically just hints that there needs to be a .bot domain for windows boxen :^)

Just been playing with denyhosts to just add to my general security (I don’t believe in firewalls to cover poor administration :D)

asn

So can I just block 1026 and 1027 and be guud? I just installed Vista last week. BTW, I love it, although I can’t play WoW. Which is really alright by me. I should cancel that crap anyway–having too much fun in BE.

Just buy a router and be safe by default from this form of “attack”.

you son of bitch. shamed by your ignorance

Try Shields Up https://www.grc.com/x/ne.dll?rh1dkyd2 to test your firewalls and open ports.

I’m hidden behind a router and all of my tests came back as completely stealthy.

Where do you think I caught the attempts? I run two hardware firewalls in serial, because hardware firewalls are hackable too. I also run a DMZ on the first to a honeypot on the second.
Plus relying on a software firewall on your PC is like carrying a fire extinguisher with the words “Add water before use”.

This reminds me of a vBulletin I just posted. Within a day of going live a number of Russian accounts were created and started posting links to gay porn. That’s when I realized the image verification CAPTCHA wasn’t enabled.

Easting, WoW should run fine under Vista .. if you’re having problems, a quick contact to tech support should be able to fix you up :)

As per the original topic .. I really hate that I have to work to secure my own machine. One of the many logs in the fires of disdain I have towards MS/OS.

As I keep saying. Port BE over to Linux and I will be M$ free. :)

Thanks thunder, but it’ll give me an excuse to cancel it. I only played it because my bro’s and sis plays but I really never had the fun that I had in EQ2. BE’s got my interest right now.

Only regret about Vista (and it’s not MS fault) but I had to buy a new soundcard because Turtle beach won’t make a Vista driver for the Santa Cruz. Guess what–they don’t make soundcards with game/midi ports anymore? Who knew? So now I need a new jstick, usb interface. Unless anyone knows where I can get an adapter for it…it’s a MS precision pro force feedback. Soundcard I went with was a Creative X-fi gamer fatality pro series. No gameport on it.

it’s just a spam blast nothing to get overly concerned about.

http://isc.sans.org/port.html?port=1026

turn off msn messenger or run a different app for msn messaging.

Jesus H. Chris, Mad, WTF did I ever do to make you think so little of me????? ;)

Duh; shows I’m getting rusty, I’d checked CERT and I knew there was another one, but I totally couldn’t remember sans.org. Mike will have a good laugh at that, no doubt.

I check my Firewall logs fairly often, this was just a surprisingly sudden burst, and by the time I shut down the machine I was receiving nearly 2000 a minute. Meant I hadda spend a little while checking to see if something was acting as an attractor, but earlier this morning it dawned on me that I had probably reset my DSL not long before – so it probably wasn’t aimed at me, just my new IP address…

Vista no longer supports sound hardware; no surprise that they wouldn’t update their drivers.

“vista no longer supports sound hardware”?

Is this part of the whole “DRM leak protection” (sound devices are fairly blind – if you plug your sound out jack into another system’s sound in jack, you can bypass CD/DVD audio copyright protection)

Or is this just something else?

Well, the Turtle Beach’s Santa Cruz was a bit long in the tooth. After Turtle Beach sold a number of years back, they dropped production of the Santa Cruz and introduced 3 new soundcard lines. I think it was more of a planned obsolescence (sp?) on their part, to push their new product under new ownership. That said, the Santa Cruz was a fine soundcard for any XP or earlier system.

My new soundcard from Creative (and this isn’t unique to the model) doesn’t have a joystick/midi port, which makes me sad. Honestly, if I had the knowledge, I’d write my own driver for the Santa Cruz–but then again, I’m a tard when it comes to code.

Yep, the Turtle Beach was a nice sound card in its day.

As for your problem of no joystick/midi port, you can easily pick up a converter that allows you to plug in an old style joystick into a USB port.

Kfsone, I don’t really know if you referred to my comment but to clarify my comment. If you use NAT the router just did not know where to forward the connection attempt -> no connection can be established from outside. (I assume no normal user “in German called ‘Ottonormalverbraucher'” would set up a forward for 1026/27, AFAIK 1026 is used by things like nterm)

Mwhitman,

I’d love it if it were that easy, but it’s a series one MS Precision Pro Force Feedback and somehow is unique. I’ve tried one adapter in the past but it failed to recognize a jstick. But what the heck, I’ll buy one this weekend and try it. Can’t hurt, maybe Vista will see it.

Hi!
I have this Chinese problem too (about 100 times per minute), but my ZoneAlarm blocks their attacks.
I’m sure, they are fortuneless crazy yellow boys – not communists.

Alex88, Moscow

I use firewall OpenBSD Packet Filter on FreeBSD and ZoneAlarm Pro for Windows.
