
Should I be worried; A lot of strange IPs connecting to my computer

July 3, 2011 9:37:33 AM

Took a look at my firewall and I am getting a massive amount of hits.

I would like to assume it's just 'common' but I am worried.

To give you an idea;

"HopOne Internet Corporation" from 66.36.231.[###]:80 just hit my router IP on over 2000 ports sequentially.

Company named "LeaseWeb" from 85.17.212.12:80 did the same thing. Progressively connected to me through a long list of ports.

Globe Telecom, ROMTelecom, FDC Servers, LightUp Inc, OVH SASShared Hosting, OJSC MegaFon Network, Extreme Tracking, that list goes on and on.


All of those hit me thousands of times within a couple seconds.

I am more worried about these, that hit me once or twice a few times, like

Paul Lukashenko at Network Operations Center
Saudi Arabian Oil Company, Saudi ARAMCO,
Sony Network Taiwan Limited

and I am especially worried about....

"NANTONG-RG-POLICE STATION" (222.184.240.28:13409)

Why are Chinese police stations connecting to me? I don't visit Chinese sites...
July 3, 2011 10:24:34 PM

Could just be internet background radiation. Most of those are probably computers that are infected with the many self-propagating worms of 2003-2005 that are still on the internet spewing packets out looking for new computers to infect. As long as your firewall keeps blocking them, I wouldn't worry about it.
July 4, 2011 12:05:57 AM

The_Prophecy said:
Could just be internet background radiation. Most of those are probably computers that are infected with the many self-propagating worms of 2003-2005 that are still on the internet spewing packets out looking for new computers to infect. As long as your firewall keeps blocking them, I wouldn't worry about it.


Thanks for the update.

What about the Chinese police department specifically? Same thing?

Chance it's just the wrong name applied to the IP address?

They tried to connect 6 times and only today (2 month history search shows they have only sent connections to me today).

0:31:43
0:45:18
2:31:42
2:52:17
3:56:29
4:46:46

All EST

All from the IP 222.184.240.28

After looking at it a little more closely, it seems like "NANTONG-RG-POLICE-STATION" is actually being connected to by me.

Says that the IP address is the destination. UDP and TCP (most are UDP, but one is TCP). All destinations are to the same IP and port.

I don't use P2P so I don't know what the deal is.

Nothing to worry about?

Taking a closer look at my firewall it has also been blocking a LARGE number of IPs claiming "Blocked by DoS protection 192.168.2.#".
There are around 50 of those a day.

Common? Just the firewall doing its job?
July 4, 2011 3:07:42 AM

Hmm.. that actually sounds a bit fishy.... have you run any malware scans on your computer lately?
July 4, 2011 4:57:58 AM

No, I haven't run a malware scan per se, but I am behind two routers with firewalls and AVG (free).

Considering switching to Kaspersky professional. Not sure what the deal is.

I live in an apartment complex that forces us to share an internet connection, so I am behind my router (for my wireless and wired desktop) which is connected to their router (which is shared by between 4 people or my entire building (48 people)).


Looking at it again, it's registering connections to places like
KOOKMIN UNIVERSITY (222.111.164.188),
henan province museum (202.102.241.222),
CHINANET henan province network (222.88.125.184),
China Education and Research Network (58.198.100.228),
National Technical University of Ukraine (77.47.176.69),
Korea Advanced Institute of Science and Technology (143.248.84.91),
Chulalongkorn University (161.200.212.20),
Technical University of Budapest Centre of Informa (152.66.93.28),
Pusan National University (164.125.44.117),
Massachusetts Institute of Technology (18.97.6.86),
Texas A&M University (165.91.122.96),
Stanford University (128.12.254.71),
Taiwan Academic Network (140.112.28.141)...
Russian Institute of Public Networks (195.208.14.58)

All of those are single connections made to the very same source IP : port (it's a generic router IP). Don't want to list them unless it's important.

All of those are through UDP protocols with the exception of one or two. Unlike the ones that hit me (or the ones I hit apparently) hundreds/thousands of times in a few seconds which are TCP.

There are also government organizations that are showing up like
Government Computer Center (GCC) (210.104.250.46) which traces to Korea....
Bulgarian Government Network (212.122.183.72)
Government Integrated Telecommunication Network (202.75.4.158)
Liaochengcpgovernment (218.56.0.78)

That is just today.
All single connections. All with the same source IP.

I cannot think of a single reason why my computer would be trying to connect to anything in China. It's not a webpage I have visited, as I check when a webpage is blocked and see what the IP is right when it happens. Whatever this is, it's happening without my control.

July 4, 2011 2:48:20 PM

If there is an established connection, then you're infected.

You need to find out which application is making the connections to those sites. I think sysinternals has an app for that.
July 4, 2011 5:30:40 PM

You are using P2P software and these connections are a part of a swarm that is feeding you your bits and pieces of whatever it is you are downloading. You would want to block the Sony's and the police stations of the world but let the college networks through or it's going to take 5000 hours to get your stuff.

Next time finish your post, don't just say all these places are hitting your PC. No one is going to initiate a connection to you for no reason unless you are infected, but you need to be upfront in this forum about what you are doing to allow an honest diagnosis.
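Added example, not part of any post in this thread: the two log patterns discussed above (one remote address walking thousands of local ports, versus one local IP:port sending single connections to many remote hosts) can be separated by grouping firewall entries by direction. The log line format, thresholds, and all addresses below are constructed assumptions, not taken from the poster's firewall.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges are treated as "our side" of the firewall (assumption).
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def classify(log_lines, sweep_ports=100, fanout_hosts=5):
    """Return (inbound_sweeps, outbound_fanout) as dicts of counts.

    Hypothetical line format: 'HH:MM:SS PROTO SRC_IP:PORT DST_IP:PORT'
    """
    ports_hit = defaultdict(set)  # remote source IP -> local ports it touched
    remotes = defaultdict(set)    # (proto, local IP:port) -> remote hosts contacted
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _, proto, src, dst = parts
        src_ip, _ = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        if is_local(dst_ip) and not is_local(src_ip):
            ports_hit[src_ip].add(int(dst_port))      # inbound
        elif is_local(src_ip) and not is_local(dst_ip):
            remotes[(proto, src)].add(dst_ip)         # outbound
    sweeps = {ip: len(p) for ip, p in ports_hit.items() if len(p) >= sweep_ports}
    fanout = {k: len(h) for k, h in remotes.items() if len(h) >= fanout_hosts}
    return sweeps, fanout

def sample_log():
    """Constructed entries using documentation address ranges, not real hosts."""
    # One remote host walking 2000 local ports in sequence.
    lines = [f"09:00:01 TCP 203.0.113.7:80 192.168.2.10:{p}"
             for p in range(1024, 3024)]
    # One local IP:port sending single UDP packets to 12 different hosts.
    lines += [f"09:05:{i:02d} UDP 192.168.2.10:40000 198.51.100.{i}:6881"
              for i in range(1, 13)]
    # A lone inbound packet: below both thresholds, so not reported.
    lines.append("09:10:00 TCP 192.0.2.44:443 192.168.2.10:51515")
    return lines

if __name__ == "__main__":
    sweeps, fanout = classify(sample_log())
    print("inbound port sweeps:", sweeps)
    print("outbound fan-out:", fanout)
```

Grouping only shows the direction and shape of the traffic; naming the program behind an outbound fan-out still needs a per-process connection view on the host itself.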
Anonymous
July 18, 2011 2:39:13 PM

Use PeerBlock (formerly PeerGuardian), it runs in the background and filters your connection... the listed addresses are blacklisted so you won't get nabbed!!