Chinese IP Scanning My Ports

Sorry if this is a daft question: I'm getting a message from my virus software saying someone is trying to scan my laptop ports and when I WHOIS the IP address I get "The country where the IP address 202.99.172.160 is allocated is CHINA".

Anyone know whats going on with that?

There are many possibilities

1) chinese government

2) chinese hackers

3) innocent chinese machine has been comprimised and being controlled
by a third party


Since midnight I've had 390150 packets denied by my firewall.

Yesterday's total was 801,278 denied packets.

Here's the daily totals since Jan 1 of 2006. These are denied packets
per day.

date packets
20060101 642704
20060102 646045
20060103 945311
20060104 831973
20060105 804586
20060106 850549
20060107 652523
20060108 981803
20060109 722261
20060110 962782
20060111 703185
20060112 705242
20060113 681625
20060114 803343
20060115 667089
20060116 858493
20060117 1072334
20060118 847786
20060119 731702
20060120 731328
20060121 656304
20060122 608278
20060123 590843
20060124 968231
20060125 867707
20060126 739823
20060127 658986
20060128 819007
20060129 924517
20060130 1107612
20060131 992304
20060201 921751
20060202 933296
20060203 722706
20060204 808916
20060205 656879
20060206 848897
20060207 779410
20060208 855001
20060209 744064


Many/most of these denied packets originate in Asia.

Most of these denied packets are targeting port 25 (smtp/email/spam), ports 135 through 139 & 445 (windows networking/filesharing), port 80 (www,http), port 1434 (ms sql server).





[edit on 2006/2/10 by McGrude]

Apparently China is fast becoming the biggest source of hacking in the world:



I'd recommend reading the rest of the article, it's got some really interesting stuff in it.

There are alot of automated scans coming out of China and Asia as a whole. If the box is up to date and fully patched theres little to worry about and you can discard the scans as part of the usual background noise of the internet. However if there are signs that its an actual person specifically probing the system then you might want to ratched up a level and start blocking IP addresses and/or ranges in whatever firewall you employ.

This has been going on to such great degree ever since we accidentally plowed one of their fishing boats with one of our submarines. Whoops!!

It sparked a "Hacker War"... they hack our webpages, we hack theirs. They hack our broadband networks, we hack theirs. It's a vicious cycle that is rarely the cause of any serious damage... as legitimate hacking should be.

Pheer those who haxor your root.exe.

If you are referring to this accident, then you are mistaken. The fishing boat was Japanese.

Ahh well I did get my facts mixed up thanks for correcting that. It was the fighter vs. spyplane collision that sparked the "War." My mistake. I knew one of our thingies hit one of their thingies, just forget which thingie.

If your bored you could always scan back , just google for angry ip scanner neat little stand alone exe (no installing )