Port Scanning from China

After several spam comments, I get another port scanning activity from China IP.

Add them to your blocked lists.

Time:    Wed Mar 30 18:13:01 2011 +0700
IP:      183.25.23.253 (CN/China/-)
Hits:    11
Blocked: Temporary Block

Sample of block hits:
Mar 30 18:10:43 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=21591 DF PROTO=TCP SPT=2356 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:10:49 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=32534 DF PROTO=TCP SPT=2356 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:01 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=49023 DF PROTO=TCP SPT=3285 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:04 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=52883 DF PROTO=TCP SPT=3285 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:10 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=62635 DF PROTO=TCP SPT=3285 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:22 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=642 DF PROTO=TCP SPT=4005 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:25 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=1380 DF PROTO=TCP SPT=4005 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0

 

Article Source : http://blog.erawanarifnugroho.com/2011/03/30/port-scanning-from-china.html

Leave a Reply

Your email address will not be published. Required fields are marked *