[Dshield] Need Suggestions
mwydra1 at comcast.net
Thu Jun 23 22:06:08 GMT 2005
I'm trying to do my part by reporting hits on my NAT to various ISP's. However, I'm currently taking hits from China, from a range of addresses. This range is 126.96.36.199 - 188.8.131.52. The scans are being directed against my ports 1026 and 1027. What I've been able to gather from google is this might be a "Nimda" worm doing it's thing. I NeoTraced the addresses back to Beijing (Peking), and of course, there's no information available.
I didn't want to forward my log to the list (protect my address) - but I'll send it to anyone who wants it. My question is: What's the best way to handle this, or is China just a big waste of time?
Hope I explained this correctly - and my thanks to DShield for the work your doing.
More information about the list