What's this mean? Xmas Port Scan Attack?

Discussion in 'Computer Software and Operating Systems' started by pwsincd, Dec 2, 2012.

Dec 2, 2012
  1. pwsincd
    OP

    Member pwsincd Garage Flower

    Joined:
    Dec 4, 2011
    Messages:
    2,973
    Location:
    Manchester UK
    Country:
    United Kingdom
    So 10 min ago I lost all internet. After several reboots of all machines, I could see the router from my phone wirelessly but it wouldn't connect, then eventually for no reason it all came back online. I couldn't see the router's settings or nothing, checked all wires etc. etc. like you do. When it came back I checked the router log to find this entry:

    Dec 2 10:29:45 ,Xmas port scan attack from WAN (ip:173.194.78.188) detected.

    Now a whois search indicates this IP to be GOOGLE, wtf is all that about...?


    Anyone have a clue? EDIT: seems the GOOGLE IP is probably spoofed.
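
For reference, an added example (not part of the original post, and not the router's actual firmware logic, which the thread does not show): an "Xmas" scan is the name commonly given to TCP segments sent with the FIN, PSH and URG flags all set, and a detector of the kind behind the log entry above can be sketched as a check on the flag bits of each inbound TCP header. The packets, IP addresses (documentation ranges) and function names are constructed for illustration.

```python
import struct

# TCP flag bits, taken from the low bits of header bytes 12-13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG


def parse_tcp_header(segment: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return src, dst, off_flags & 0x3F


def classify(flags: int) -> str:
    """Label flag combinations that do not occur in a normal TCP conversation."""
    if flags == 0:
        return "null-scan"
    if flags & XMAS == XMAS and not flags & (SYN | RST | ACK):
        return "xmas-scan"
    if flags & SYN and flags & FIN:
        return "syn-fin"
    return "normal"


def build_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Constructed sample input: a 20-byte TCP header with no options."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)


def scan_report(packets):
    """packets: iterable of (source_ip, raw_tcp_header); returns alert strings."""
    alerts = []
    for ip, raw in packets:
        _, dport, flags = parse_tcp_header(raw)
        label = classify(flags)
        if label != "normal":
            alerts.append(f"{label} from WAN (ip:{ip}) to port {dport}")
    return alerts


# Constructed traffic; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = [
    ("192.0.2.10", build_header(40000, 80, SYN)),               # ordinary connection attempt
    ("198.51.100.7", build_header(40001, 23, FIN | PSH | URG)),  # Xmas probe
    ("198.51.100.7", build_header(40002, 445, 0)),               # NULL probe
    ("192.0.2.10", build_header(40003, 443, ACK | PSH)),         # ordinary data segment
]

if __name__ == "__main__":
    for line in scan_report(SAMPLE):
        print(line)
```

The source address in each alert is whatever the packet's IP header carries, which is all a detector like this has to go on.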
     
  2. nukeboy95

    Member nukeboy95 Leave luck to heaven.

    Joined:
    Aug 24, 2010
    Messages:
    2,273
    Location:
    not sure
    Country:
    United States
    Various hackers are scanning your public IP address (WAN). Those are the hackers' IP addresses.
    This is fairly normal, every person on the Internet is scanned by hundreds of hackers every day. Your router is doing its job - blocking them. FYI, that IP is Google's.
     
  3. McHaggis

    Member McHaggis Fackin' Troller

    Joined:
    Oct 24, 2008
    Messages:
    1,656
    Country:
    United Kingdom
    My BT home hub does this about 4 times per day and I'm on a dynamic IP.
     
  4. pwsincd
    OP

    Yeah, I figured it's not uncommon, just more concerned that I seemed to lose all connectivity to the router at the time it happened.
     
  5. Rydian

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    Can't spoof an IP like that, if the connection log shows that IP, then it came from that IP. However that's not to say that Google is responsible, just that the last place it came through before getting to you was one of Google's locations... kind of like how a criminal can convince a different guy to deliver a message. The guy is the one that delivered the message to the final destination, but he's not the one that made it.

    If you don't have any ports forwarded and have no servers running (web server, minecraft server, etc.) you can safely disable the port scan failure feature thing, since nothing will be able to reach your machines anyways (all incoming traffic denied by default).
     
  6. nukeboy95

    Do you have Clearwire? Because their servers were down for a while.
     
  7. pwsincd
    OP


    Yeah, I guess I used "spoof" as an uneducated term for the attacker masking their true ID.
    No servers currently running, however come Xmas day my son will be all over his new laptop/Minecraft account and I'm sure he'll be messing with trying to have his own server, and my other son will be on his Wii U (and probably I will be hosting a local server to trial this MP4 streaming feature) (not sure if that counts). I'll have a mooch through the router config for a disable port scan thingy-ma-jig. Would that disable the router going belly up on this sort of occurrence?


    @nukeboy: what's Clearwire?
     
  8. FAST6191

    Reporter FAST6191 Techromancer

    Joined:
    Nov 21, 2005
    Messages:
    21,716
    Country:
    United Kingdom
    Clearwire is a 3G ISP in the US.

    Re spoofing an IP like that: you kind of can by altering the return address section (http://nemesis.sourceforge.net/ or maybe hping as well as a whole bunch of others listed on http://linuxpoison.blogspot.com.ar/2008/10/tools-for-creating-tcpip-packets.html are relatively simple tools aimed at it) but if you want data returned it is utterly pointless unless you also control the "faked" return address. That said, if you know such a router will effectively DoS itself as a result it could still be considered useful.
     
  9. Rydian

    Clearwire is an internet provider.

    Wii U stuff wouldn't open you up, it's anything that needs port forwarding (like hosting a Minecraft server). Streaming within your house is fine (no ports need to be open).

    And yeah, if there's a way to disable it that'd likely help.
     
  10. pwsincd
    OP

    Thanks for the advice. No, as I'm in the good ole U of K I'm not Clearwire, just switched from Sky (I hate them) to TalkTalk. Router is actually a D-Link router and not that shite Sagem crap from Sky. So hopefully it will have more settings/control for me.
     
  11. Originality

    Member Originality Chibi-neko

    Joined:
    Apr 21, 2008
    Messages:
    5,151
    Location:
    London, UK
    Country:
    United Kingdom
    TalkTalk... my condolences. They're the bastard child of Tiscali and AOL (and Carphone Warehouse for that matter). They're also the most complained about broadband provider in 2011 (Ofcom statistics), although that's probably because both AOL and Tiscali were the most complained about before that.
    Also, TalkTalk use BT for broadband. Same as PlusNet and several others.

    Anyway, that wasn't very helpful and has little to no relevance on the topic.

    As a side note, things that can cause internet droppage include overheating routers (uncommon), cache crashing in routers (common for cheaper routers, especially when P2P is involved), power spikes (depends where you are), and hung telephony sessions (common with BT). Normally resetting the router is enough to fix most problems. If it's not you, then it's usually the telephone exchange or the ISP. In both cases, only a phone call to the ISP can get that checked and resolved, and it only takes them minutes to do (if they know what they're doing).
     
  12. pyromaniac123

    Member pyromaniac123 ส็็็็็็็็็็็็็็็็็็็(ಠ益ಠส็็็็็็็็็็็็็็็็็็็

    Joined:
    Sep 24, 2011
    Messages:
    2,000
    Country:
    United Kingdom
    Santa Claus is trying to get into your computer.

    Ho ho ho.
     
    triassic911 and DinohScene like this.
  13. pwsincd
    OP

    TalkTalk I know, but I totally fell out with Sky, I don't have much choice, I'm in a cable-free street :(
     
  14. Arras

    Member Arras ★02

    Joined:
    Sep 14, 2010
    Messages:
    5,717
    Location:
    The Netherlands
    Country:
    Netherlands
    He's obviously just trying to get your wish list so he can give you a nice present.
     
  15. pwsincd
    OP

    Thoughtful of him, that 50" TV I've been eyeing up would go down well :)
     
