[Dshield] Need Suggestions

Mike Wydra mwydra1 at comcast.net
Thu Jun 23 22:06:08 GMT 2005


Greetings:

I'm trying to do my part by reporting hits on my NAT to various ISP's. However, I'm currently taking hits from China, from a range of addresses. This range is 222.189.38.2 - 222.189.38.34. The scans are being directed against my ports 1026 and 1027. What I've been able to gather from google is this might be a "Nimda" worm doing it's thing. I NeoTraced the addresses back to Beijing (Peking), and of course, there's no information available.

I didn't want to forward my log to the list (protect my address) - but I'll send it to anyone who wants it. My question is: What's the best way to handle this, or is China just a big waste of time?

Hope I explained this correctly - and my thanks to DShield for the work your doing.

Mike Wydra
Retired AT&T 


More information about the list mailing list