Potential Hacker? Please help.

[paul_wood]

Hi, I am new to this forum and I would like to thank everyone in advance for sharing your knowledge on computer security with people like me who have little knowledge on the subject.

I have a question concerning a few ip addresses that are constantly being detected on my firewall even when my computer is not being used but connected to the internet. They are a series of ip addresses that are traced back to China. It starts when I first turn on my computer and I look at my inbound events, immediatly I get and inbound ip address which is the same every morning. Actually they are different ip adresses but always have the same route.

Can anyone tell me what this could be.

IP addresses are as follows.

222.*8*.*8.*8
222.**6.25*.***
6*.*52.*58.*2*

There are a few others but I think one could determine whether this is a possiblie hacker by the above ip. addresses.

Also does banning these ip addresses really help prevent this person(if it is a hacker) from entering my computer?

If anyone can help I would really appreciate.

Also I do belong to a few private and public message ***rds on yahoo. Occasionally I will post and read some posts of interest. Is it safe to post on any of these message ***rds?

Thank you again and I look forward to reading responses to my questions.

Sincerely,

Paul Wood

[paul_wood]

that most of the time the ports used are *026 and *027. Also after banning a few ip addresses new ones are detected which have the same route as the ones that were banned.

Clueless at this point.

[Jack Frost]

Use the WHOIS tool on the toolbox page. I did the first IP for you:

222.*8*.*8.*8

222.*84.0.0 - 222.***.255.255
CHINANET jiangsu province network
China Telecom
A*2,Xin-Jie-Kou-Wai Street
Beijing *00088


CHINANET JIANGSU
No.268,Hanzhong Road,Nanjing 2*002*
+86-25-658878*
+86-25-6588740
[email]ip@jsinfo.net[/email]


Chinanet Host******
No.** ,jingrong street,beijing
*000*2
+86-*0-66027**2
+86-*0-5850**44
[email]host******@ns.chinanet.cn.net[/email]
[email]anti-spam@ns.chinanet.cn.net[/email]

As for posting, it's generally safe. The site/forum you post at will typically log your IP, but only admins at the site can see that info. How well do you trust the sites you post at? If you want to be anonymous simply use a good anonymous proxy when you post. The site will see the IP of the proxy, and not your real IP..


Hope this helps.

[SyntaXmasteR]

You will always find strange IPs trying to connect to strange ports if you check your firewall logs. People have scripts constantly scanning the web for open ports on venerable computers.

Your best bet would be to block those IP addresses from passing through your firewall. Your even safer route would be to block all incoming ports and then poke holes in your firewall for specific programs that need to use certain ports. You will still see the IPs in your logs but you wont have to worry about them breaching your firewall.