
Archive for October, 2014


Who’s Tried to Hack Me Today – South Korea

Quiet day today for the hackers throughout the net who are desperate to get onto my poor little web server. Nothing as interesting as Laos unfortunately, but I’ve been having repeated attacks today from a single IP address in South Korea – 175.205.213.68.

The IP address is registered with Korea Telecom, whose headquarters I think are in Seoul.


Incidentally, if you’re interested in North Korea and the lives people lead there, I can thoroughly recommend this book by Blaine Harden, a newspaper reporter – Escape from Camp 14: One man’s remarkable odyssey from North Korea to freedom in the West. It tells the tale of a North Korean who escaped from a prison camp in North Korea. It’s incredible stuff.

Anyway, hopefully he hasn’t become a computer hacker based out of Seoul, but there are plenty of them there. My firewall logs are filled with these messages, all directed at my server from the South Korean IP address:

*UDP_IN Blocked*
*TCP_IN Blocked*

This is not an actual hack attempt but what’s called port scanning. Basically, using tools (or by hand if you’re hard core!) you scan the target computer looking for options to attack. So the scanner will look for things like an FTP server running on port 21, or perhaps for the existence of a vulnerable service like Telnet, which passes logon credentials in clear text. It could be thousands of other things though; some commercial scanners will look for all sorts of opportunities, from an operating system which is not patched properly to some vulnerable service.

It’s quite an amateur attempt, immediately picked up by my firewall and IDS, although to be fair he hasn’t triggered an automatic permanent block on my firewall, just temporary bans. The best scanners work very slowly, checking each port and service slowly so as not to trigger defenses. Anyway, it doesn’t matter much to me, as I’m going to block him manually. Bye 175.205.213.68.
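How a firewall or IDS can tell a port scan from ordinary blocked traffic, and why a slow scan slips past a short time window, shown as an added example that is not from the original post. The log line layout (syslog timestamp plus iptables-style `SRC=` and `DPT=` fields), the host name, the second source address and every sample line are constructed assumptions; only the `*TCP_IN Blocked*` / `*UDP_IN Blocked*` tags and 175.205.213.68 come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout: syslog timestamp, the "*TCP_IN Blocked*" / "*UDP_IN Blocked*"
# tag quoted in the post, then iptables LOG-style SRC= and DPT= fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) .*\*(?P<proto>TCP|UDP)_IN Blocked\*"
    r".*\bSRC=(?P<src>\S+).*\bDPT=(?P<dpt>\d+)"
)

def parse(line, year=2014):
    """Return (timestamp, source IP, (protocol, port)) or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], (m["proto"], int(m["dpt"]))

def find_scanners(lines, window=timedelta(seconds=60), min_ports=5):
    """Return {src: peak} for sources that hit >= min_ports distinct ports in one window."""
    hits = defaultdict(list)
    for ts, src, port in filter(None, map(parse, lines)):
        hits[src].append((ts, port))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        peak = 0
        for i, (start, _) in enumerate(events):
            # Distinct ports probed within `window` of this event.
            ports = {p for t, p in events[i:] if t - start <= window}
            peak = max(peak, len(ports))
        if peak >= min_ports:
            flagged[src] = peak
    return flagged

def sample_log():
    """Constructed sample: one fast scan and one slow scan (one port every 10 minutes)."""
    t0 = datetime(2014, 10, 24, 9, 0, 0)
    fmt = "{} web kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC={} DST=192.0.2.10 PROTO=TCP DPT={}"
    ports = [21, 22, 23, 25, 80, 110]
    fast = [fmt.format((t0 + timedelta(seconds=2 * i)).strftime("%b %d %H:%M:%S"),
                       "175.205.213.68", p) for i, p in enumerate(ports)]
    slow = [fmt.format((t0 + timedelta(minutes=10 * i)).strftime("%b %d %H:%M:%S"),
                       "198.51.100.7", p) for i, p in enumerate(ports)]
    return fast + slow

if __name__ == "__main__":
    print(find_scanners(sample_log()))                             # 60-second window
    print(find_scanners(sample_log(), window=timedelta(hours=2)))  # 2-hour window
```

With the 60-second window only the fast source is flagged; widening the window to two hours also catches the slow one, at the cost of keeping more state per source.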

Posted – 24-10-14


Who’s Tried to Hack Me Today – LAOS

Well, it’s an interesting set of IP addresses in my logs today, so here’s the most interesting one. Remember though, the majority of these IP addresses will be allocated automatically through ISPs and as such will change frequently, so don’t go and try to hack them back! In fact it’s just as likely that the originator of the attack is in a completely different country anyway, using the address as a proxy or similar.

We start off with the IP address 202.137.147.107, which is assigned by the Lao Telecom Company.

They are based in the country of Laos, which is a country in South East Asia officially known as the Lao People’s Democratic Republic. It is a landlocked country right next to Burma, Thailand and China. It appears to be a very poor place, with a third of the people there living under the international poverty line.


What were they trying to do to my poor besieged web server? Well, they were trying to brute force their way into my mail server, which suggests that they were spammers wanting to flood their emails through my system.

The address is now blocked from my system, but I learnt a little about a country I wasn’t too familiar with! It looks like there are some stunning temples and ruins there, definitely worth a visit.

 


This page is getting a lot of visits from people looking for information on Laos, so I thought I’d add a link to the Laos Tourism Information Site. Really want to go there now, perhaps I can go and catch my hacker! I should add that the same attacker targeted several of my servers, but seemed to have a distinct preference for US based ones. I’m guessing he’s read some tutorial about how to get an American IP address, perhaps in order to get an HBO or Hulu account.
