My firewall has been telling me that it has been denying access to another user who is trying to get in to my computer. This is nothing new; I get them all the time. What I have started noticing is that, every thirty minutes or so, I’ll get on one from the same IP address. This address is at least pinging my computer on average every thirty minutes (it’s not a regular interval), for hours on end.
Why does this individual keep doing this? What does he think is going to happen?
He’s probably port scanning. He’s not attacking your computer specifically, but trying a range of IP addresses. Your firewall can’t tell that it’s one of many so it doesn’t report that.
So it’s nothing personal, unless you’ve got an open port :).
And he might not even know that he’s doing it if his PC was compromised…
If you want to take action you could try tracking down the ISP that owns that address and send them log files to show them what’s going on.
It’s actually the same ISP as I have (sometimes it shows up on the report). I did realize the address might not have been the same as the user who was doing it.
I figured he was port scanning, but sometimes the hits come in so frequently that it seems like he’s just doing me. I might be part of a very small group of addresses he scans, though.
-
-
- If it appears to be from the same ISP, you can definitely drop them an email about it. Don’t be accusatory–as said, it could easily be an infected computer and the user is unaware. If it’s on the ISP’s system they will want to take care to inform the user, just to avoid the (probable) email or ddos trouble.
~
- If it appears to be from the same ISP, you can definitely drop them an email about it. Don’t be accusatory–as said, it could easily be an infected computer and the user is unaware. If it’s on the ISP’s system they will want to take care to inform the user, just to avoid the (probable) email or ddos trouble.
-
A port scanning program running even on a DSL line with slow upload speed can hit between 15 & 100 ports per second. If the bad guy is just hitting a few typical ports, ie looking for the easy pickin’s, that translates to 1 to 10 different PCs scanned per second.
In an hour he can hit 3600 to 36,000 PCs. You’re almost certainly not being specificly targeted.
Sometimes it is the provider doing it. You can’t tell until you ask why address x is polling you all the time. Be able to supply the time and date of the occurances too.
I noticed a huge jump in traffic one day, and did some packet sniffing. It turns out that the offending machine has the same IP address as one of the hops that always shows up whenever I do a tracert, in other words, it’s one of my ISP’s machine. It apparently is set up to do a lot of pings and arps. I’m assuming it does this so that it can keep track of who is where and what addresses are really being used so that it won’t end up with an IP collision when it assigns DHCP addresses. It’s kind of annoying, because I used to be able to tell just looking at the lights on my cable modem if someone was up to no good.
I figured that would be possible, but I never knew hot to figure it out. I’ll send an e-mail ot frontier. It probably will turn out to be them. And I’ll resist the urge to ping back a little while longer.