Intrusion Attacks from murikon.com
mtaskew
Newbie

I'm getting intrusion attacks from murikon.com (78.159.96.17, 80)  I looked them up on whois but the phone number for the domain administrator is disconnected.  Does Verizon block attacking domains/computers?

0 Likes
Re: Intrusion Attacks from murikon.com
prisaz
Legend

I get regular attacks from SQL server worms and others. I don't think Verizon would have anything to do with blocking them. Your router should catch these and drop the packets. How are you seeing these? Are these in your router firewall logs? If so, then the most these attacks will do is a denial of service (D.O.S.), if your router is being hammered. Try rebooting your router to get another IP address. If you are concerned that these might be getting through, you can always check for open ports on your router. Go to the grc.com Shields Up page and do a security scan on your connection. http://www.grc.com/intro.htm Another thing would be to block inbound ICMP traffic in your router. Ping requests. This would make you virtually invisible to the internet. I have everything blocked but still there are machines that go blindly on the net and attack various IP addresses.

Most of the attacks I get come from Asia Pacific Network.

The address you posted comes back to this location in Europe. Almost impossible to stop.

Location: Frankfurt am Main (50.133N, 8.672E)

Network: 78-RIPE

Message Edited by prisaz on 03-01-2009 08:20 AM
Message Edited by prisaz on 03-01-2009 08:21 AM
0 Likes
Re: Intrusion Attacks from murikon.com
Techman28
Master - Level 1

guys if that happens report that to abuse@verizon.net

0 Likes
Re: Intrusion Attacks from murikon.com
prisaz
Legend

@Techman28 wrote:

guys if that happens report that to abuse@verizon.net


Cool. Should I send them copies of my firewall and intrusion detection system logs? This happens every day. At times from just randomly infected machines, or systems that may have a virus and are trying to exploit SQL server bugs. Not running SQL but these attacks seem to be just targeting random IP addresses. I would be sending many mails a day. Mostly exploit attempts from China.
0 Likes
Re: Intrusion Attacks from murikon.com
Techman28
Master - Level 1

yes

0 Likes
Re: Intrusion Attacks from murikon.com
prisaz
Legend

I will. Here is a sample of a log entry I will send them. This happens daily. Many hot computers out there still spewing this stuff from China. Intentional?

IPCop IDS snort log
Date: 5 March

Date: 03/05 08:54:11
Name: MS-SQL version overflow attempt
Priority: 3
Type: Misc activity
IP Info: 220.173.32.104:65106 -> 173.66.189.104:1434
SID: 2050
Refs:

Date: 03/05 08:54:11
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: 220.173.32.104:65106 -> 173.66.189.104:1434
SID: 2003
Refs:

0 Likes
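
An added example (not part of any post in this thread): a parser for the IPCop IDS entry layout quoted in the last post, grouping alerts by source address for an abuse report and counting alerts that share a timestamp and flow as a single event. The function names are illustrative, and the sample input is the two entries from that post.

```python
import re
from collections import defaultdict

# Sample input: the two IPCop IDS entries quoted in the post above.
SAMPLE_LOG = """\
Date: 03/05 08:54:11
Name: MS-SQL version overflow attempt
Priority: 3
Type: Misc activity
IP Info: 220.173.32.104:65106 -> 173.66.189.104:1434
SID: 2050
Refs:

Date: 03/05 08:54:11
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: 220.173.32.104:65106 -> 173.66.189.104:1434
SID: 2003
Refs:
"""

FLOW_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+)$")

def parse_alerts(text):
    """Split on blank lines, then read each entry's 'Key: value' lines."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        m = FLOW_RE.match(fields.get("IP Info", ""))
        if not m or "SID" not in fields:
            continue  # skip headers such as "Date: 5 March" and truncated entries
        fields["src"], fields["sport"], fields["dst"], fields["dport"] = m.groups()
        alerts.append(fields)
    return alerts

def summarize_by_source(alerts):
    """Group by source IP; alerts with the same timestamp and flow are one event."""
    summary = defaultdict(lambda: {"events": set(), "sids": set(), "dports": set()})
    for a in alerts:
        s = summary[a["src"]]
        s["events"].add((a["Date"], a["IP Info"]))
        s["sids"].add(int(a["SID"]))
        s["dports"].add(int(a["dport"]))
    return {ip: {"events": len(s["events"]), "sids": sorted(s["sids"]),
                 "dports": sorted(s["dports"])} for ip, s in summary.items()}
```

Run over the sample, `summarize_by_source(parse_alerts(SAMPLE_LOG))` reports one event from one source with two signatures, which keeps a daily abuse report from overstating the volume.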