Jump to content

anyone else noticing this in their firewall logs?


CCMUA2009

Recommended Posts

I have noticed in my firewall log over the last few days, taht my firewall has detected attempted intrusion via portscan by the IP address

61.139.105.163

It looks like that has been out there for the last year. But I have just started noticing that in my logs this past weekend. Just seeing if others have too?

Link to post
Share on other sites

Hi CCMUA2009 -

You will at times notice new IP addresses being flagged as ????? bad while the same one is allowed next update -

This may be from a previous or newer update and you have not checked your logs for a while -

The IP addresses tend to change at times (some get added and some are removed) as the crew find bad ones or get a clearance on an old one -

The crew always are adding and removing all the time as they check the IP of sites -

Thanks for being observant - :(

EDIT - Re; 61.139.105.163 -

Owner is Zigong Sciences Informations Academe -

Zigong / Sichuan Province / China -

Personally Regestered to - Kiaodong Shi -

The Chinese are trying to watch you ??? - :D

Link to post
Share on other sites

  • 2 weeks later...

I have been getting that same IP addy in my firewall logs a little more than 30 times a day since the 24th of December. I went back through some of my older logs to see if I just hadn't noticed it before and it wasn't there.

I thought maybe I had just not noticed as I wasn't paying much attention until the 17th, or so, of December when my computer got hit hard by would be intruders. For a 24 hour period my computer had close to 3,000 attempts into it. Most of those attempts came from countries other than the one I live in.

The normal amount of attempts for my computer in a 24 hour period is 70-80. Since that time I started watching a little closer and have noticed that even though things pretty much went back to normal, 24 hours after that attack started, that same IP addy you mentioned is hitting my computer, with 15-20 attempts each time, twice a day, every day. That is the only IP addy that shows consistantly in my logs.

Since I know my firewall is blocking it, and all other attempts into it, I am not really worried about it, I just find it rather odd and am a bit curious about it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.