Kitz Forum

Broadband Related => Broadband Technology => Topic started by: jid on December 04, 2008, 03:22:52 PM

Title: Router Firewall Blocking IP
Post by: jid on December 04, 2008, 03:22:52 PM
Would there be any reason for my router's firewall to be blocking access to this IP:-
61.147.114.27

http://whois.domaintools.com/61.147.114.27

It belongs to China Telecom? Sends requests to my IP address every 5 minutes...

Any ideas on this one? Is it just normal?

Kind Regards

Jamie
Title: Re: Router Firewall Blocking IP
Post by: Mick on December 05, 2008, 04:24:24 PM
What router/firewall are you using?  A stateful packet inspection firewall will block all unsolicited incoming packets (without busting your chops about it).

It is no secret that poorly protected/configured Chinese PCs are taken over at an alarming rate and used by botnets to launch spam attacks as well as intrusion attempts.  You are probably seeing some of that activity.
Title: Re: Router Firewall Blocking IP
Post by: jid on December 05, 2008, 06:12:03 PM
> What router/firewall are you using?  A stateful packet inspection firewall will block all unsolicited incoming packets (without busting your chops about it).
>
> It is no secret that poorly protected/configured Chinese PCs are taken over at an alarming rate and used by botnets to launch spam attacks as well as intrusion attempts.  You are probably seeing some of that activity.

Thanks for the advice

D Link DSL 2740B

I think I will just leave them alone as they aren't causing issues, just filling up the router's log!

Title: Re: Router Firewall Blocking IP
Post by: kitz on December 06, 2008, 01:58:16 PM
As Mick says, a lot of bot attacks come from China - so much so that I've actually IP banned some very large IP blocks for China-net and in particular all the Beijing ones that I could find listed on APNIC.


You could try shutting the router down for a while and picking up a new IP address. It could be that the dynamic IP you have now was previously held by someone whose PC was known to be exploitable, therefore it could be why you're being probed.
However, unfortunately, you are more likely to be targeted if you are with an ISP such as Tiscali, as it's a fact that their users are generally known to be of the type who are less astute when it comes to the Internet and security.
Wannabe hackers know this and therefore will often try scanning certain IP blocks in the knowledge that they are more likely to fall lucky.

Years ago when I was with BT, I too would get many many probes over the course of the day.  That dropped to practically zilch when I moved to Plusnet.  TBH I don't know what it's like on Be, 'cause I don't bother logging now.

The main thing is that your router firewall is keeping them at bay :)
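
The behaviour Mick describes earlier in the thread (a stateful packet inspection firewall dropping unsolicited incoming packets), as an added Python sketch that is not part of the original posts and not the D-Link firmware's logic. The class and function names, the 120-second idle timeout, the local and server addresses and all ports are constructed for illustration; 61.147.114.27 and the 5-minute interval come from the first post.

```python
# Toy model of stateful packet inspection (illustrative; not router firmware).
LOCAL, SERVER, PROBER = "192.0.2.10", "198.51.100.5", "61.147.114.27"  # first two are constructed

class StatefulFilter:
    def __init__(self, idle_timeout=120):          # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self.flows = {}      # (proto, local_ip, local_port, remote_ip, remote_port) -> last seen
        self.dropped = []    # (time, remote_ip, local_port) for every blocked packet

    def outbound(self, t, proto, local_ip, local_port, remote_ip, remote_port):
        # Traffic started from inside creates (or refreshes) a tracked flow.
        self.flows[(proto, local_ip, local_port, remote_ip, remote_port)] = t
        return "ACCEPT"

    def inbound(self, t, proto, remote_ip, remote_port, local_ip, local_port):
        # Inbound is accepted only when it mirrors a live flow opened from inside.
        key = (proto, local_ip, local_port, remote_ip, remote_port)
        seen = self.flows.get(key)
        if seen is not None and t - seen <= self.idle_timeout:
            self.flows[key] = t
            return "ACCEPT"
        self.flows.pop(key, None)                  # expire a stale entry, if any
        self.dropped.append((t, remote_ip, local_port))
        return "DROP"

def probe_summary(dropped):
    """Per source address: (number of drops, gaps in seconds between them)."""
    times = {}
    for t, src, _port in dropped:
        times.setdefault(src, []).append(t)
    return {src: (len(ts), [b - a for a, b in zip(ts, ts[1:])])
            for src, ts in times.items()}

def demo():
    fw = StatefulFilter()
    verdicts = [
        fw.outbound(10, "tcp", LOCAL, 50000, SERVER, 80),    # browser opens a connection
        fw.inbound(11, "tcp", SERVER, 80, LOCAL, 50000),     # its reply matches the flow
        fw.inbound(100, "tcp", PROBER, 40000, LOCAL, 8080),  # unsolicited
        fw.inbound(400, "tcp", PROBER, 40001, LOCAL, 8080),  # unsolicited, 5 minutes later
        fw.inbound(500, "tcp", SERVER, 80, LOCAL, 50000),    # flow idle > 120 s, no longer tracked
        fw.inbound(700, "tcp", PROBER, 40002, LOCAL, 8080),  # unsolicited again
    ]
    return verdicts, probe_summary(fw.dropped)

if __name__ == "__main__":
    print(demo())
```

The summary groups the drop log by source, which is how a regular 300-second gap from one address stands out from a single stale reply.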