What's this mean? Xmas Port Scan Attack?

pwsincd

So 10 minutes ago I lost all internet. After several reboots of all machines, I could see the router from my phone wirelessly but it wouldn't connect, then eventually for no reason it all came back online. I couldn't see the router's settings or nothing, checked all wires etc. like you do. When it came back I checked the router log to find this entry:

Dec 2 10:29:45 ,Xmas port scan attack from WAN (ip:173.194.78.188) detected.

Now a whois search indicates this IP to be Google. WTF is all that about...?

Anyone have a clue? EDIT: seems the Google IP is probably spoofed.
 

nukeboy95

Various hackers are scanning your public IP address (WAN). Those are the hackers' IP addresses.
This is fairly normal; every person on the Internet is scanned by hundreds of hackers every day. Your router is doing its job: blocking them. FYI, that IP is Google's.
 

Rydian

> Anyone have a clue? EDIT: seems the Google IP is probably spoofed.
Can't spoof an IP like that; if the connection log shows that IP, then it came from that IP. However, that's not to say that Google is responsible, just that the last place it came through before getting to you was one of Google's locations... kind of like how a criminal can convince a different guy to deliver a message. The guy is the one that delivered the message to the final destination, but he's not the one that made it.

If you don't have any ports forwarded and have no servers running (web server, minecraft server, etc.) you can safely disable the port scan failure feature thing, since nothing will be able to reach your machines anyways (all incoming traffic denied by default).
 

pwsincd

Yeah, I guess I used "spoof" as an uneducated term for the attacker masking their true ID.
No servers currently running; however, come Xmas day my son will be all over his new laptop/Minecraft account and I'm sure he'll be messing with trying to have his own server, and my other son will be on his Wii U (and probably I will be hosting a local server to trial this MP4 streaming feature) (not sure if that counts). I'll have a mooch through the router config for a disable port scan thingy-ma-jig. Would that disable the router going belly up on this sort of occurrence?

@nukeboy: what's Clearwire?
 

FAST6191

Clearwire is a 3G ISP in the US.

Re spoofing an IP like that: you kind of can, by altering the return address section (http://nemesis.sourceforge.net/ or maybe hping, as well as a whole bunch of others listed on http://linuxpoison.blogspot.com.ar/2008/10/tools-for-creating-tcpip-packets.html, are relatively simple tools aimed at it), but if you want data returned it is utterly pointless unless you also control the "faked" return address. That said, if you know such a router will effectively DoS itself as a result, it could still be considered useful.
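
An added illustration, not part of any post in this thread: what a receiver-side check for the logged "Xmas" pattern looks like, using the conventional definition of an Xmas scan (a TCP segment with FIN, PSH and URG all set). The function names and sample packets are constructed for the example, and the rule the router's firmware actually applies is not known.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_ipv4_tcp(packet: bytes):
    """Return (src_ip, dst_port, flags) from a raw IPv4 packet carrying TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("bad or truncated header")
    # The source address is a header field written by the sender; the
    # receiver cannot verify it from a single unanswered packet.
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    flags = packet[ihl + 13] & 0x3F           # low six bits: URG..FIN
    return src_ip, dst_port, flags

def classify(flags: int) -> str:
    """Name flag combinations that do not occur in a normal TCP exchange."""
    if flags == FIN | PSH | URG:
        return "xmas"                         # "lit up like a Christmas tree"
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"                          # a genuine FIN also carries ACK
    return "normal"

def sample_packet(src: str, dst_port: int, flags: int) -> bytes:
    """Constructed test input: 20-byte IPv4 header + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, flags, 0, 0, 0)
    return ip + tcp

def detect(packets):
    """Return (src_ip, dst_port, kind) for packets with scan-style flags."""
    parsed = [parse_ipv4_tcp(p) for p in packets]
    return [(s, port, classify(f)) for s, port, f in parsed
            if classify(f) != "normal"]

# Constructed samples; addresses are from the RFC 5737 documentation ranges.
SAMPLES = [sample_packet("198.51.100.7", 80, FIN | PSH | URG),
           sample_packet("198.51.100.7", 443, SYN),
           sample_packet("203.0.113.9", 22, 0),
           sample_packet("203.0.113.9", 443, ACK | PSH)]
```

`detect(SAMPLES)` reports the first and third packets only; the ordinary SYN and ACK+PSH segments pass as normal traffic.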
 

pwsincd

Thanks for the advice. No, as I'm in the good ole U of K I'm not Clearwire; just switched from Sky (I hate them) to TalkTalk. The router is actually a D-Link router and not that shite Sagem crap from Sky, so hopefully it will have more settings/control for me.
 

Originality

TalkTalk... my condolences. They're the bastard child of Tiscali and AOL (and Carphone Warehouse for that matter). They're also the most complained about broadband provider in 2011 (Ofcom statistics), although that's probably because both AOL and Tiscali were the most complained about before that.
Also, TalkTalk use BT for broadband. Same as PlusNet and several others.

Anyway, that wasn't very helpful and has little to no relevance on the topic.

As a side note, things that can cause internet droppage include overheating routers (uncommon), cache crashing in routers (common for cheaper routers, especially when P2P is involved), power spikes (depends where you are), and hung telephony sessions (common with BT). Normally resetting the router is enough to fix most problems. If it's not you, then it's usually the telephone exchange or the ISP. In both cases, only a phone call to the ISP can get that checked and resolved, and it only takes them minutes to do (if they know what they're doing).
 
