Vinod Subramaniam

So you think your home network is safe ??

Discussion created by Vinod Subramaniam Employee on Dec 20, 2013
Latest reply on Aug 7, 2014 by Vinod Subramaniam

Just setup a IDS under pfsense. Learning security I guess. And check the below out ..........

Hmmmm ........ 60.173.8.181 is scanning for database ports ...first for Oracle TNS and then the MSSQL 1433 ......

 

snort.png

 

And where is 60.173.8.181 located .........Beijing China ...........Betcha it is chinese bots scanning the internet ..........

 

WHOIS - 60.173.8.181

Location: China [City: Beijing, Beijing]

ARIN says that this IP belongs to APNIC; I'm looking it up there.

Using 30+ day old  [STALE - being deleted now] cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '60.166.0.0 - 60.175.255.255'

inetnum:        60.166.0.0 - 60.175.255.255
netname:        CHINANET-AH
descr:          CHINANET anhui province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088
country:        CN
admin-c:        CH93-AP
tech-c:         JW89-AP
mnt-by:         APNIC-HM
mnt-routes:     MAINT-CHINANET-AH
mnt-lower:      MAINT-CHINANET-AH
status:         ALLOCATED PORTABLE
changed:        **********@apnic.net 20040721
source:         APNIC

person:         Chinanet Hostmaster
nic-hdl:        CH93-AP
e-mail:         *********@ns.chinanet.cn.net
address:        No.31 ,jingrong street,beijing
address:        100032
phone:          +86-10-58501724
fax-no:         +86-10-58501724
country:        CN
changed:        ******@cndata.com 20070416
mnt-by:         MAINT-CHINANET
source:         APNIC

person:         Jinneng Wang
address:        17/F, Postal Building No.120 Changjiang
address:        Middle Road, Hefei, Anhui, China
country:        CN
phone:          +86-551-2659073
fax-no:         +86-551-2659287
e-mail:         ****@mail.hf.ah.cninfo.net
nic-hdl:        JW89-AP
mnt-by:         MAINT-NEW
changed:        ****@mail.hf.ah.cninfo.net 19990818
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)


 

WHOIS - 60.173.11.8

Location: China [City: Beijing, Beijing]

ARIN says that this IP belongs to APNIC; I'm looking it up there.

Using 30+ day old  [STALE - being deleted now] cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '60.166.0.0 - 60.175.255.255'

inetnum:        60.166.0.0 - 60.175.255.255
netname:        CHINANET-AH
descr:          CHINANET anhui province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088
country:        CN
admin-c:        CH93-AP
tech-c:         JW89-AP
mnt-by:         APNIC-HM
mnt-routes:     MAINT-CHINANET-AH
mnt-lower:      MAINT-CHINANET-AH
status:         ALLOCATED PORTABLE
changed:        **********@apnic.net 20040721
source:         APNIC

person:         Chinanet Hostmaster
nic-hdl:        CH93-AP
e-mail:         *********@ns.chinanet.cn.net
address:        No.31 ,jingrong street,beijing
address:        100032
phone:          +86-10-58501724
fax-no:         +86-10-58501724
country:        CN
changed:        ******@cndata.com 20070416
mnt-by:         MAINT-CHINANET
source:         APNIC

person:         Jinneng Wang
address:        17/F, Postal Building No.120 Changjiang
address:        Middle Road, Hefei, Anhui, China
country:        CN
phone:          +86-551-2659073
fax-no:         +86-551-2659287
e-mail:         ****@mail.hf.ah.cninfo.net
nic-hdl:        JW89-AP
mnt-by:         MAINT-NEW
changed:        ****@mail.hf.ah.cninfo.net 19990818
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS4)


Outcomes