61.139.105.163 is from China

250 times a day! stop this! complete pain. This has been going on for over a year... most of the time it is just twice a day, but otherr times it is in the hundreds, as it is to day.

harry http://sky-eve.ru/ eve isk, surfacing http://actual-eve.ru/ eve аккаунт, unearthly http://blog-eve.ru/ куплю иски eve, shabbat http://o-eve.ru/ eve тайм карты, reproduction http://in-eve.ru/ eve online оплата,

Scanning ports on a regular basis.

Scanning ports on a regular basis.

I reported this abuser at

https://forms.us-cert.gov/report/index.php

Most days, sometimes twice a day. Router firewall seems to stop them.

This guy attempted to scan my port 11/01/2010 - 01/02/2010

An intrusion attempt by 61.139.105.163 was blocked by firewall. I've had 7 other attacks by this user in the past month.

just how long does it take to put a stop to these.too much time on their hands since the one sprog per family

Sun 2010-01-17 20:12:37 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8118 droped
Sun 2010-01-17 20:12:40 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8888 droped
Sun 2010-01-17 20:12:43 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:1025 droped
Sun 2010-01-17 20:12:45 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8081 droped
Tue 2010-01-19 06:32:10 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:1025 droped
Tue 2010-01-19 06:32:12 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8081 droped
Tue 2010-01-19 22:06:16 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8081 droped
Fri 2010-01-22 01:14:31 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8118 droped
Fri 2010-01-22 01:14:33 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8888 droped
Fri 2010-01-22 01:14:35 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:1025 droped
Fri 2010-01-22 01:14:38 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8081 droped
Mon 2010-01-25 02:47:37 TCP flood From 61.139.105.163 port:12200 To 74.65.*.* port:8081 droped

I only have my system turned on when I wish to use the Internet. But 61.139.105.163 has port scanned my router virtually every time I have been on since 12 June 2009 03:20:21 as of 22 January 2010 22:22:33 I have had 25 [PORT SCAN] alerts for his IP address.

This Chinese rat has been scanning my ports daily since Nov. 2009, sometimes twice daily. My firewall has been keeping him out so far.

61.139.105.163 this chinese sniffer scanned me 3 times today, different ports

This guy attempted to scan my port 2 times.
first on: Thu, 2010-01-21 16:10:18
then again on: Fri, 2010-01-22 11:35:16

all I can say is their is a record on my history that Norton blocked an attack on my port from address 61.139.105.163. can you not block this address getting in to uk

my firewall detected that he tried to port scan my ports, i added him to blacklist i\'ll report it if it happens again, he created a connection on my computer called lo.

This IP seems to have a bot at the end of it scanning all ports on a 6 hour cycle. Oh dear.

NETGEAR *Security Alert* [a1:9a:1b]
TCP Packet - Source:61.139.105.163 Destination:XX.XX.XX.XX
(my ip deleted for security reasons)
Someone stop this SOB. Does he not know China still has the death penalty?

Douchebags scanning ports. 3 in the last 30 min.

61.139.105.163 is scanning my ports

61.139.105.163 is scanning my port for the last 2 days - Stop the bastard!

port scanning plus web server path requests:

[Tue Jan 19 04:53:27 2010] [error] [client 61.139.105.163] File does not exist: /var/www/html/fastenv

61.139.105.163 - - [19/Jan/2010:04:53:27 -0500] "GET http://proxyjudge1.proxyfire.net/fastenv HTTP/1.1" 404 295 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Somebody is scanning your computer.
Your computer's TCP ports:
808, 8118, 8888, and 8081 have been scanned from 61.139.105.163.- inetnum: 61.139.105.128 - 61.139.105.191
netname: ZIGONG-SCINFO-GOV
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
country: CN
admin-c: XS16-AP
tech-c: XS16-AP
mnt-by: MAINT-CHINANET-SC
changed: sxdong@mail.sc.cninfo.net 20010619
status: ASSIGNED NON-PORTABLE
source: APNIC
changed: hm-changed@apnic.net 20020827

person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: ipadmin@my-public.sc.cninfo.net
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
country: CN
changed: ipadmin@my-public.sc.cninfo.net 20030317
mnt-by: MAINT-CHINANET-SC
source: APNIC

- http://www.ipillion.com/?ip=61.139.105.163&ipsubmit=by+IP

can someone think of a way to report this nut job

can someone think of a way to report this nut job

01/19/2010 08:45:43.688 Probable port scan dropped 61.139.105.163, 12200, WAN , 7212, WAN TCP scanned port list, 9415, 9000, 8080, 8085, 8088, 8089, 3128, 9090, 8000, 8090
01/19/2010 08:45:19.848 Possible port scan dropped 61.139.105.163, 12200, WAN , 8089, WAN TCP scanned port list, 9415, 9000, 8080, 8085, 8088

18.01.2010 00:33:49 61.139.105.163 SCAN (50980, 38175, 38943, 39199, 14340, 48153)
17.01.2010 21:39:25 61.139.105.163 SCAN (50980, 10275, 38175, 38943, 39199, 33315, 14340)
14.01.2010 22:35:52 61.139.105.163 SCAN (50980, 10275, 38175, 38943, 39199, 14340)
07.01.2010 21:59:45 61.139.105.163 SCAN (50980, 10275, 38175, 38943, 39199, 33315, 14340)
07.01.2010 14:22:12 61.139.105.163 SCAN (50980, 10275, 38175, 38943, 33315, 14340)

intrusion attempt by 61.139.105.163
in light of this week's news from Google, this may be a Chinese govt. site for all anybody knows
here's hoping their govt. is changed at the earliest possible date

I\'ve been blocking Chinese addresses with a program (successfully, I thought) until I got a knock-knock from this twit. It originates from port 12200 and the attempt on my computer was on TCP port 1080. My security says it was blocked. Most other info I have has been documented in other posts.

The IP 81.139.105.163 repeatedly is identified as attempting port scans of my PC. The location is noted as Zigong, China. I "Googled" them ;-)

Just like the rest of complaints, my PC has been port scanned many times over the last month or so. The latest attached was on 15th Jan 2010

He Has been scanning my computer already for a month. Gay port Scanning Attack. Im going to Send him All My Viruses because this has to stop. Im not sure if it is a Zombie computer but this a Violation of every PC out there and has to STOP.

61.139.105.163:12200

I am so temped to agree with the last fellow poster and flood this idiot but that reduces us to the same level as him.

Today I have had 13 attemps on common ports and and attempt to have a go at my smtp server.

My Isp are unable to help me. Perhaps its now time for us all to get together and report this to the police as this is surely a breach of the computer missuse act !

Let us all scan this computer; if enough of us go at it, we may jam the IP, and hopefully the administrator of the university will get the perpetrator/s kicked out of college.

Nmap is free to download.

Somebody is scanning your computer.
Your computer's TCP ports:
80, 6588, 8000, and 808 have been scanned from 61.139.105.163 - netname: ZIGONG-SCINFO-GOV descr: Zigong Sciences Informations Academe descr: ZiGong,Sichuan descr: PR China person: Xiaodong Shi nic-hdl: XS16-AP e-mail: ipadmin@my-public.sc.cninfo.net address: No.72,Wen Miao Qian Str. address: Data Communication Bureau Of Sichuan Province address: Chengdu address: PR China phone: +86-28-6190785 fax-no: +86-28-6190641 https://isc.sans.org/ipinfo.html?ip=61.139.105.163

Firewall blocked 1x port scan from this address about an hour ago. Created firewall rule to block any communication with this particular IP address. Hope it helps.

looking through my firewall logs and this ip address 61.139.105.163 has been portscanning me

This IP is active again and scanning at least once a day. This IP was active last year, then it stopped. Activity started again early December 09 an...

This IP is active again and scanning at least once a day. This IP was active last year, then it stopped. Activity started again early December 09 and has been a daily occurrence since then. Have no idea what this IP is attempting but the constant port scans are getting very annoying.

This IP is scanning my ports also. Firewall is blocking it but still annoying..

This ip has been blocked by my hardware firewall, but he persists on scanning my ports multiple times per day, at both my home AND office sites. And it\\\'s been going on for over a month now.

Is there anything that can be done?

Started getting port scans from this IP in May and June '09 a few times then stooped. Now since 30 Dec '09 daily port scans from this IP. Firewall blocks it, but still irritating.

Its blocked by my firewall... oeff

Receiving the same scans, and seems they are trying to feed a proxy address either through me or they are going through one (http://proxyjudge1.proxyfire.nethttp://proxyjudge1.proxyfire.net/fastenv). If you go to the latter address it will pull up data on your PC opening a port and will allow a TCP connection back in, so I don't recommend checking link; just posted for reference. The attempt back into my network was caught by ASA device and blocked. I would say block the whole range of IP's via your firewall if you have ability, as it seems to originate from a university in China; 61.139.105.128/26 this will block the university's assigned block of IP's which range from 128-191.

=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 9415 which use the TCP protocol.
Thu Jan 7 05:47:58 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 9000 which use the TCP protocol.
Thu Jan 7 05:47:58 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8080 which use the TCP protocol.
Thu Jan 7 05:47:58 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8085 which use the TCP protocol.
Thu Jan 7 05:47:58 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8088 which use the TCP protocol.
Thu Jan 7 05:47:58 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8089 which use the TCP protocol.
Thu Jan 7 05:47:58 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 3128 which use the TCP protocol.
Thu Jan 7 05:47:58 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 9090 which use the TCP protocol.
Thu Jan 7 05:48:28 2010
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 1080 which use the TCP protocol.
Thu Jan 7 05:48:28 2010

Hi guys. Nothing great in the world has been accomplished without passion. Help me! Need information about: Basis conditions are also coverage patents for patients, and should back be needed as pediatric, caduet.. I found only this - [URL=http://www.svobodnasit.cz/Members/Caduet]caduet forum[/URL]. Caduet, higher rhabdomyolysis rules haver greater tip conception. Caduet, she interns get that she also follows medications during the oral and human media of her use, which she had far received corresponding to component. Best regards :eek:, Paris from Micronesia.

This IP address is portscanning one of my IP's. I have seen him quite often before, but thought it is time that I report.

TCP Packet - Source:61.139.105.163 Destination:192.168.0.98 - [PORT SCAN]

Port Scanning conducted by this IP on my computer at 2124 (9:24 pm) on 10 Jan 2010. Blocked by firewall.

It's in Chnia, good luck getting anyone to care. I've set my firewall to drop all traffic from the IP and moved on.

I have now emailed the following to the users IP. If anyone can find any more IP's for the admin of this block then email them to. Its time idiots like these are stoped from clogging up the net with there crap.Here is the email I sent--------------- Dear Sir/Madam


For over one month now I have been receiving TCP and UDP port scans along with probes to test for vulnerable services. I have reported this before but heard nothing back. This user has now made it to the first page of google ! http://www.google.co.uk/search?hl=en&source=hp&q=61.139.105.163&btnG=Google+Search&meta=&aq=null&oq=

The source IP for this traffic is 61.139.105.163

I have many hundred kilobytes of stored logs in .txt format if you should need them. I have found thousands of users complaining about the activity from this ip. If this continues to happen then I will be making a report to my ISP and the UK police force.

I look forward to your reply.

Stuart Epton
(BSC.Amiee) (MCSE) (MCP) (SECURITY+) (CCNA)
Network Security Engineer
T.R.S. Security L.T.D.

download LOIC and flood him with DDOS attacks. LOIC oe longcatflooder with clog up his traffic so much he will have to get a new ip and since he has been at this so long with the same one maybe he can't get a new one. hit them back the way they hit you.

Does anyone know what can be done? Obviously this idiot has quite a history of being a nuisance and nothing is being done. Who has the answer?

I know having a NAT router protects you against this kind of atack, I have no concerns about him gaining access as I have blacklisted his ip at my core router.

What is anoying me is that I am allways seing him in my log files and he seems to be able to send all this junk out with impunity.

I personaly dont think this is am infected/zombie machine as the attacks are to varied and often target recent vulns that have just been discovered. I feel like taking this issue to my ISP as this idiot's ISP obviosly doesnt give damb.

BTW - Its been well over a month now and I have 176 forms of attack including 536 full tcp port scans and several short udp scans.

Stuart.

This individual is scanning for open service ports, if you have a NAT router there is nothing to worry about.

Just put it on your blocked list and bam he disappears.

Firewall message saying system wanted to accept an incoming connection from IP Adress 61.139.105.163 - See this has been a long term problem I take it nothing can be done?!

Port scanned by 61.139.105.163 at ports 10275, 36895, 38175, 38943, 39199, 14348, 33315.

I wish someone would stop this turd from port scanning every night. Take his PC away and tell him if he can't play nice with others then he cannot have a computer.

Somebody is scanning your computer.
Your computer's TCP ports:
6588, 8000, 8090, and 7212 have been scanned from 61.139.105.163- netname: ZIGONG-SCINFO-GOV descr: Zigong Sciences Informations Academe descr: ZiGong,Sichuan descr: PR China person: Xiaodong Shi nic-hdl: XS16-AP e-mail: ipadmin@my-public.sc.cninfo.net address: No.72,Wen Miao Qian Str. address: Data Communication Bureau Of Sichuan Province address: Chengdu address: PR China phone: +86-28-6190785 fax-no: +86-28-6190641 https://isc.sans.org/ipinfo.html?ip=61.139.105.163

Somebody is scanning your computer.
Your computer's TCP ports:
7212, 8118, 8888, and 8081 have been scanned from 61.139.105.163-netname: ZIGONG-SCINFO-GOV descr: Zigong Sciences Informations Academe descr: ZiGong,Sichuan descr: PR China person: Xiaodong Shi nic-hdl: XS16-AP e-mail: ipadmin@my-public.sc.cninfo.net address: No.72,Wen Miao Qian Str. address: Data Communication Bureau Of Sichuan Province address: Chengdu address: PR China phone: +86-28-6190785 fax-no: +86-28-6190641 https://isc.sans.org/ipinfo.html?ip=61.139.105.163

The guy is scanning my ports every so often. About a 10 minute burst of activity on different ports and then stops.

Just started using a new security software and it has blocked this IP address, 61.139.105.163, from scanning my ports from the first day I installed it. This IP has tried to scan my ports several times a day. Is there anyway to stop this guy?

hello . in all day my firewall have alert
Intrusion Detection for from IP 61.139.105.106
for more result about this ip see below link :http://www.ip-adress.com/whois/61.139.105.163

Have seen scans from this IP for the last few days

I had eleven attempts to gain control of my computer through these whatever they are. I see three of them were done at the same time (literally), same second. They do it in every way imaginable. I see frustration from all of you about not be able to do anything about this. One of the firewall blocks said a Trojan was involved, but blocked. When I pinged this address, it came up as Zindong (sp) -Scifo-Gov. The Gov part pissed me off. I see where one of the other people attacked surmised it may be the goverment. My ping at least blamed on a gov site. I guess the Pentagon, our power grids, and such aren't the only ones China attacks, if the site is to be believed, and I do. I know our Govt has their hands tied trying to stop the million of attacks each day, so I guess our firewalls are just going to have to be our only defenses. I hope they never get through. I check and ban these things every day. We need our own way to stop these jerks. Good luck to all. I hope our firewalls hold.

Multiple TCP port scans through Dec 2009. Blocked by Netgear router.

Somebody is scanning your computer.
Your computer's TCP ports:
8090, 8000, 7212, and 8888 have been scanned from 61.139.105.163
-- inetnum: 61.139.105.128 - 61.139.105.191 netname: ZIGONG-SCINFO-GOV descr: Zigong Sciences Informations Academe descr: ZiGong,Sichuan descr: PR China person: Xiaodong Shi nic-hdl: XS16-AP e-mail: ipadmin@my-public.sc.cninfo.net address: No.72,Wen Miao Qian Str. address: Data Communication Bureau Of Sichuan Province address: Chengdu address: PR China phone: +86-28-6190785 fax-no: +86-28-6190641 country: CN changed: ipadmin@my-public.sc.cninfo.net 20030317 mnt-by: MAINT-CHINANET-SC source: APNIC ---- https://isc.sans.org/ipinfo.html?ip=61.139.105.163

Just been port scanned by this IP

Somebody is scanning your computer.
Your computer's TCP ports:
1025, 8888, 8088, and 8081 have been scanned from 61.139.105.163. - inetnum: 61.139.105.128 - 61.139.105.191
netname: ZIGONG-SCINFO-GOV
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: ipadmin@my-public.sc.cninfo.net
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
country: CN
changed: ipadmin@my-public.sc.cninfo.net 20030317
mnt-by: MAINT-CHINANET-SC
source: APNIC
----
https://isc.sans.org/ipinfo.html?ip=61.139.105.163

Hey. I like an escalator because an escalator can never break, it can only become stairs. There would never be an escalator temporaly out of order sign, only an escalator temporarily stairs. Sorry for the convenience. Help me! Please help find sites for: Caduet, in high-pressure data, a amlodipine may be represented an hypertension for a date meeting person without the osmotic life of a miyiz faintness com if enteric suitable words have been limited.. I found only this - [URL=http://www.svobodnasit.cz/Members/Caduet]caduet commercial football coach[/URL]. Models after cysteamine may permit instead, caduet. The procedures of common prescriptions are noted into two effects: active, which agrees the way's medications and link; and female, which pilates the studies of the return riding and becoming the biologicals, caduet. :-) Thanks in advance. Lien from Slovakia.

My Netgear router flags these scans every day. Not fit to be granted net access.

This IP has been scanning my ports on a daily basis for weeks.

[16/Dec/2009 10:13:18] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ****, ports: 808, 1080, 8000, 80, 9090, 8080, 8085, 8089, 8090, 6588, ..." time="Wed Dec 16 10:13:18 2009" username="not logged yet"
[17/Dec/2009 00:14:41] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ***, ports: 9000, 3128, 8000, 9090, 8080, 8085, 8089, 8090, 6588, 9415, ..." time="Thu Dec 17 00:14:41 2009" username="not logged yet"
[17/Dec/2009 13:08:43] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ***, ports: 9000, 3128, 8000, 80, 8080, 8085, 8089, 8090, 6588, 9415, ..." time="Thu Dec 17 13:08:43 2009" username="not logged yet"
[18/Dec/2009 10:00:13] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ***, ports: 9000, 1080, 3128, 80, 8080, 8085, 8088, 8090, 6588, 2301, ..." time="Fri Dec 18 10:00:13 2009" username="not logged yet"
[18/Dec/2009 22:01:13] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ***, ports: 1080, 3128, 8000, 80, 8080, 8085, 8088, 8089, 6588, 2301, ..." time="Fri Dec 18 22:01:13 2009" username="not logged yet"
[19/Dec/2009 15:00:35] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ***, ports: 9000, 1080, 3128, 80, 9090, 8080, 8088, 6588, 9415, 2301, ..." time="Sat Dec 19 15:00:35 2009" username="not logged yet"
[20/Dec/2009 09:34:54] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ***, ports: 9000, 1080, 8000, 80, 9090, 8080, 8089, 8090, 9415, 2301, ..." time="Sun Dec 20 09:34:54 2009" username="not logged yet"
[20/Dec/2009 23:41:39] PORTSCAN firewall="" hostip="61.139.105.163" hostname="61.139.105.163" log="protocol: TCP, source: 61.139.105.163, destination: ***, ports: 9000, 3128, 8000, 80, 9090, 8085, 8088, 8090, 9415, 2301, ..." time="Sun Dec 20 23:41:39 2009" username="not logged yet"

firewall logs;
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 9415 which use the TCP protocol.
Sat Dec 19 02:56:44 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8080 which use the TCP protocol.
Sat Dec 19 02:56:44 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8085 which use the TCP protocol.
Sat Dec 19 02:56:44 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8088 which use the TCP protocol.
Sat Dec 19 02:56:44 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8089 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 9090 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 6588 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8090 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 1080 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 2301 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 808 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8118 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8888 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 7212 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 1025 which use the TCP protocol.
Sat Dec 19 02:57:14 2009
=>Found attack from 61.139.105.163.
Source port is 12200 and destination port is 8081 which use the TCP protocol.

Somebody is scanning your computer.
Your computer's TCP ports:
8080, 9000, 8085, and 6588 have been scanned from 61.139.105.163. -
netname: ZIGONG-SCINFO-GOV
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: ipadmin@my-public.sc.cninfo.net
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
country: CN
changed: ipadmin@my-public.sc.cninfo.net 20030317
mnt-by: MAINT-CHINANET-SC
source: APNIC

- https://isc.sans.org/ipinfo.html?ip=61.139.105.163

As others have reported I have had full range tcp and udp scans from this ip for over month. Have blocked the whole range on my core router but this ip keeps scaning every night. It was proming my http and smtp until I blocked the ip range. No answer to any abuse emails as yet.

As others have reported I have had full range tcp and udp scans from this ip for over month. Have blocked the whole range on my core router but this ip keeps scaning every night. It was proming my http and smtp until I blocked the ip range. No answer to any abuse emails as yet.

I have been getting this message at least 2x daily \"Vulnerability BLOCKED\" When: Dec 17, 5:24:36 AM, From: 61.139.105.163, Attack Name: Portscan.

I have been getting this message at least 2x daily "Vulnerability BLOCKED" When: Dec 17, 5:24:36 AM, From: 61.139.105.163, Attack Name: Portscan.

Blocked by Firewall.

This expletive is using game matchmaker services for live IP numbers for his trojan server. Three times in last 24 hours my game server has been scanned on ports 1025, 8081, 8888, 7212, 808, 1080, 6588, 9090, 8089, 3128, 8085, 8088, 8080, & 9000. When I don't have a game server running there are no ports scans.

scans my ports since days!!!
blocked by firewall.
here is the report:
Somebody is scanning your computer.
Your computer's TCP ports:
808, 8118, 8888, and 8081 have been scanned from 61.139.105.163..

Somebody is scanning your computer.
Your computer's TCP ports:
6588, 8090, 2301, and 8888 have been scanned from 61.139.105.163.
- netname: ZIGONG-SCINFO-GOV
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
- person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: ipadmin@my-public.sc.cninfo.net
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
country: CN
changed: ipadmin@my-public.sc.cninfo.net 20030317
mnt-by: MAINT-CHINANET-SC
source: APNIC
- https://isc.sans.org/ipinfo.html?ip=61.139.105.163

Since Dec. 04, 2009 this IP address has been scanning various TCP/IP ports on my computer several times a day. So far, I think my Firewall has kept them out. Has anyone called the academe to ask them what might be going-on??

Somebody is scanning your computer.
Your computer's TCP ports:
6588, 8090, 2301, and 8118 have been scanned from 61.139.105.163 - netname: ZIGONG-SCINFO-GOV
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: ipadmin@my-public.sc.cninfo.net
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
* https://isc.sans.org/ipinfo.html?ip=61.139.105.163

this guy from China has been scanning my ports every day for the past few months.How can I stop this?

this person needs to be stopped

10.1.1.14>>>HOP # 19..........

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information:
Comment: http://www.arin.net/reference/rfc/rfc1918.txt
RegDate:
Updated: 2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org


61.139.105.163>>HOP# 20 (final)


OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 61.0.0.0 - 61.255.255.255
CIDR: 61.0.0.0/8
NetName: APNIC3
NetHandle: NET-61-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
NameServer: NS-SEC.RIPE.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
RegDate: 1997-04-25
Updated: 2009-10-08

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net

Dectected stopped and reported by Netgear router before it reaches LAN.
(UK West Mids.)

Can anyone stop that idiot scanning people's computers? 61.139.105.163 is based in China. It's easy to get its details. I intend to contact the address given by IP search. Fortunately, NORTON is blocking that idiot from doing whatever he/she intends to do.

Somebody is scanning your computer.
Your computer's TCP ports:
2301, 808, 8888, and 8081 have been scanned from 61.139.105.163

netname: ZIGONG-SCINFO-GOV
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: ipadmin@my-public.sc.cninfo.net
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
https://isc.sans.org/ipinfo.html?ip=61.139.105.163

I'm constantly being scanned. Its a windows 2003 machine with remote desktop enabled. Suggest someone tries to crack the administrator password and put a stop to this!

Port scanned the past 2 days from this IP 61.139.105.163. Was trying to access ports: 8888, 7212, 1025, 8081.

This IP is aggressively scanning my ports every day (ports 7212,8000,8080). I wrote to the ISP there but lol, didn't expect them to take mesures, they're like in China -.-

This IP has been scanning many random port numbers on my network. As far as i can tell he gets blocked. Hs anyone tried to contact the ISP for this China IP?
(61.139.105.163)

Somebody is scanning your computer.
Your computer's TCP ports:
8090, 2301, 808, and 8888 have been scanned from 61.139.105.163. -
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
country: CN

- person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: ipadmin@my-public.sc.cninfo.net
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
country: CN
changed: ipadmin@my-public.sc.cninfo.net 20030317
mnt-by: MAINT-CHINANET-SC
source: APNIC

This 'person' is trying hard to do something to computers that are not his.
Trying to connect on various ports 808, 1025, 3128, 2301, 1080, 6588, 7212, several in the 8000 range, a few in the 9000 range.

Tries to connect on Port 808 then second attempt on 1025. Winhole, Wingate Trojan likely. This IP is now banned via my firewall.

I keep getting port scan by this guy diaily

I KEEP GETTING scanned by this guy daily! persistant little #%T$%$R#!

% [whois.apnic.net[Who Is Domain][trace][Reverse DNS Search] node-2]
% Whois data copyright terms http://www.apnic.net[Who Is Domain][trace][Reverse DNS Search]/db/dbcopyright.html

inetnum: 61.139.105.128[Who Is IP][trace][Reverse IP Search] - 61.139.105.191[Who Is IP][trace][Reverse IP Search]
netname: ZIGONG-SCINFO-GOV
descr: Zigong Sciences Informations Academe
descr: ZiGong,Sichuan
descr: PR China
country: CN
admin-c: XS16-AP
tech-c: XS16-AP
mnt-by: MAINT-CHINANET-SC
changed: [Who Is Domain][trace][Reverse DNS Search] 20010619
status: ASSIGNED NON-PORTABLE
source: APNIC
changed: [Who Is Domain][trace][Reverse DNS Search] 20020827

person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: [Who Is Domain][trace][Reverse DNS Search]
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
country: CN
changed: [Who Is Domain][trace][Reverse DNS Search] 20030317
mnt-by: MAINT-CHINANET-SC
source: APNIC

TCP scanned port list, 8085, 8088, 8089, 3128, 6588

my fire wall shows ofnely port scan attacked & somebody scanning your computer's tcp ports 808,8080,8089. how to stop it

41.196.178.42 this customer is a dangerous spam and he present bad insults in many forums i hope report him as a spam or separate internet service for him Due to violating the terms of service ethics

Somebody is scanning your computer.
Your computer's TCP ports:
8000, 8080, 8088, and 9090 have been scanned from 219.153.66.61

TCP Packet - Source:61.139.105.163 Destination:79.197.xxx.xxx - [PORT SCAN]!

I'll have to do something in return

Continued port scans from 61.139.105.163. Two today.

My computer has been scanned several times from Red China per subsequent Google searches. Anyone come up with an idea to figure out if they have placed a Trojan, etc. on the system?

Here's the firewall advisory:
Somebody is scanning your computer.
Your computer's TCP ports:
9000, 2301, 8118, and 1080 have been scanned from 61.139.105.163..

Gerard A. Gold

832-858-6797

stop this idiot chinese kid....
3-5 times aday he trys to scan my port

Since 06/02/09 over 100 port scans from 61.139.105.163, my opinion is that a complaint to to the admin will do nothing, I noticed that port 1981 was open and found that http://61.139.105.163:1981/ shows as "proxyfire.net - lists"

All you can do is make sure you have no unsecured services running. Perhaps if enough people complain to their ISP they will blacklist the whole IP address block of 61.139.105.128 - 61.139.105.191

Dozens of hits in a few minutes\' time.

Dozens of hits in a few minutes' time.

This guy keeps scanning my ports some times 2-3 times a day....this has been going on for some time....wish I had enough computer smarts to take this person out - would send them a file to make their computer go into melt down...how do we stop this person? - the biggest question is what are they up to?

Usually daily update of yet another port scan by this moron.

Sys: Mandriva Linux 2009.1

Port scanning from 61.139.105.136. He is scanning me daily! :(

Im sick of these computer-geek-losers trying to steal information from other peoples personal computers. They all need to be penalised financialy for their disreputable actions somehow.

Another port scan. This is getting tiresome.

61.139.105.163 -- scans me everyday now, at roughly the same time. This is not funny. What can be done??

I had port scannings from 61.139.105.163
Today and yesterday, these pepole suck, they should be "removed"!

Yet another scan. Think I'll report this everyday until something is done about it.

this server scans me multiple times a day. lol what a skiddie! you should only need on good scan to see if my ports are open or not.

Netgear DG834Gt router log o/p directed to syslog server. This IP address appears on a daily basis on my logs. Is this a school for future hackers? Was it Peter Sellers who said the Chinese are 'fiendishly clever'?

Again this IP address has scanned my ports at the above mentioned time. I am expecting another scan by the end of the day, as it seems to happen 2-3 times a day every day. China needs to get a handle on this, or people will just start blocking all internet traffic from China.

This person in China has scanned my ports at least 5-6 times in the past month. Not a lot, but more port scans than I have ever had in my entire life on the internet, in total! What's the deal???

This IP address has been scanning my ports multiple times a day, for weeks.
Either it's a bot computer, or some moron. I'm guessing the second one.

This IP makes several attempts, sometimes 3-4 times a day to scan my ports. This has been going on for over a month now - WHAT ARE THEY UP TO - Enough is enough - how do we stop this Person...

The complaint is continual frequent port scans by 61.139.105.163 blocked by my Panda IS software. How do we stop this guy? He is from a Chinese academy according to IPillion search results.

when writing this complaint your page shifts to the left and we cannot see the left side of the page until we submit and the page comes back.

This host has eventually managed to intrude to a protected web server but we don't need him anyhow.

It's all too usual an activity from .cn hosts I'm sorry to say.

The guy scanning my port !!!

Obviously this person needs to be stopped.

scanning ports, alerted firewall, attack was blocked according to firewall notification

Repeted dailly scans.

Somebody is scanning your computer.
Your computer's TCP ports:
8888, 808, 3124, and 11825 have been scanned from 61.139.105.163..

61.139.105.163 IP is constantly running port scans. Is there a way to blk it before the attempt is made?

inetnum: 61.139.105.128 - 61.139.105.191

netname: ZIGONG-SCINFO-GOV

descr: Zigong Sciences Informations Academe

descr: ZiGong,Sichuan

descr: PR China

country: CN

admin-c: XS16-AP

tech-c: XS16-AP

mnt-by: MAINT-CHINANET-SC

changed: sxdong@mail.sc.cninfo.net 20010619

status: ASSIGNED NON-PORTABLE

source: APNIC

changed: hm-changed@apnic.net 20020827



person: Xiaodong Shi

nic-hdl: XS16-AP

e-mail: ipadmin@my-public.sc.cninfo.net

address: No.72,Wen Miao Qian Str.

address: Data Communication Bureau Of Sichuan Province

address: Chengdu

address: PR China

phone: +86-28-6190785

fax-no: +86-28-6190641

country: CN

changed: ipadmin@my-public.sc.cninfo.net 20030317

mnt-by: MAINT-CHINANET-SC

source: APNIC

Some \"Slant Eye\" from China is eye-balling my ports (scanning) all the time... I am going to send him a \"Torpedo\". Something they can look at melting down their computer. I think it is government funded, too. I got a medal for shooting a Chinese in the Vietnam War. Today I own a \"Chinese Shar-Pei\" dog. Maybe they want their dog back, too.

I have >20 intrusion attempts a day from 61.139.105.163

This idiot or idiots...keep trying to hack my computers but are blocked by my router firewall...hahahaha...idiot!

port scans from china tech academy, must be gov funded.

This IP ADDRESS (61.139.105.163) is trying to hack on my computer and has been blocked by my firewall. Just want to report this IP trying to hack on to my PC.

This IP ADDRESS (61.139.105.163) is trying to hack on my computer and has been blocked by my firewall. Just want to report this IP trying to hack on to my PC.

Port scan (12200). Blocked by NAV.

You should try the details of long and lat in google earth, it takes you to a forest, lol

I have had this IP 61.139.105.163 hit my firewall daily, firewall deals with it ok, on GEO of the IP, it rings a DOD (Department Of Defence, state side)IP along with my result. (Are they tracking traffic that enquires about it)

My ISP must be aware of this as their servers would see thousands of requests sent to them daily. I am in the process of waiting on my ISPs explanation as to why they have not blocked this IP from their customers. If it is so widely known about,WHY NO ACTION.. I advise you to do the same and see what lame excuse you get.

tcp syn scan: 61.139.105.163 scanned at least 20 ports

tcp syn scan: 61.139.105.163 scanned at least 20 ports

61.139.105.163 is now scanning my ports daily, detected and blocked by firewall. How can this asshole be stopped?

Somebody is scanning your computer.
Your computer's TCP ports:
7212, 6051, 8888, and 8081 have been scanned from 61.139.105.163..

Somebody is scanning your computer.
Your computer's TCP ports:
1025, 7212, 6051, and 11825 have been scanned from 61.139.105.163..

Anyone any idea how to stop this annoying bugger?

I live in belgium, maybe contact my ISP?

This ip address was detected and blocked from a port scan attack at 2 pm
central time u.s. by my firewall.
looks like a very unpopular bastard from the list of complaints.

I hope this commie hacking bastard is hit by a bus! This has been going on for weeks now and the ports scanned are different each time.

Somebody is scanning your computer.
Your computer's TCP ports:
1080, 8000, 8088, and 8080 have been scanned from 118.168.171.241..

For the 3rd day in a row, this IP has scanned my ports. 3 times last night. Blocked by firewall. I see tehr are many other complaints - does this site take action on abusers?

This guy keeps scanning my ports all day and all night for awhile now. It is being blocked but I want it stopped. If I do something to disable the IP address I get in trouble but this guy gets to keep scanning???

Sat 2009-05-23 19:39:18 TCP flood From 61.139.105.163 port:12200 To ... port:808 droped
Sat 2009-05-23 19:41:28 TCP flood From 61.139.105.163 port:12200 To ... port:808 droped
Sat 2009-05-23 19:41:30 TCP flood From 61.139.105.163 port:12200 To ... port:3124 droped
Sat 2009-05-23 19:41:31 TCP flood From 61.139.105.163 port:12200 To ... port:3127 droped
Sun 2009-05-24 19:30:39 TCP flood From 61.139.105.163 port:12200 To ... port:808 droped
Sun 2009-05-24 19:32:31 TCP flood From 61.139.105.163 port:12200 To ... port:808 droped
Sun 2009-05-24 19:32:33 TCP flood From 61.139.105.163 port:12200 To ... port:3124 droped
Sun 2009-05-24 19:32:34 TCP flood From 61.139.105.163 port:12200 To ... port:3127 droped
Mon 2009-05-25 16:43:35 TCP flood From 61.139.105.163 port:12200 To ... port:3124 droped
Mon 2009-05-25 16:43:36 TCP flood From 61.139.105.163 port:12200 To ... port:3127 droped

202.97.51.61
202.97.53.33
202.97.34.58
202.97.24.197
202.97.24.202
?
61.139.105.163

As you see the second to last PC on the traceroute is very likely a firewall.

Scan of 61.139.105.163 (Microsoft Windows Server 2003)

The remote version of Remote Desktop Protocol Server (Terminal
Service) is vulnerable to a man in the middle attack. An attacker may exploit this flaw to decrypt communications betweenmclient and server and obtain sensitive information (passwords, ...).

As you seen on my basic nmap report this guy has alot of filtered services which may be vulnerable. But hay since he has RD running and likely a very simple admin password why not just go for the gusto...

Interesting ports on 61.139.105.163:
Not shown: 991 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
42/tcp filtered nameserver
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1025/tcp open NFS-or-IIS
3389/tcp open ms-term-serv
4444/tcp filtered krb524

I may be posting a Nessus scan soon...

What can I say about 61.139.105.163 that has not been said already. Port scan and IP block by firewall, this guy has no cares for IDS systems and never renews a new IP address.

For the second day in a row, this idiot has scanned my ports 11825, 3124. Detected and blocked by firewall

THIS ASS** PORT SCANS MY ROUTER DAILY AND HAS MANAGED TO SEND A COUPLE EMAILS/TCP RECENTLY. SOMEONE REALLY NEEDS TO DO SOMETHING TO STOP THIS. ALSO SEEMS TO ACT WITH 61.137.90.253 WHO HAS ACCESSED ANOTHER PORT.

61.139.105.163 tried to access ports 6051, 11825 and 3124 today from his port 12200. Blocked by my firewall

HELP! Stop This FOOL from scanning my port daily, started on May 23rd, 2009 and going on since!

How do we stop this slant eyed fool port scanning daily? It's getting tiring now.

I get a warning daily from this IP address, 61.139.105.163
I am like everyone else here, it is being blocked but it sure is bothersome.

Tracing 61.139.105.163. please wait


61.139.105.163 IP address location & more:
IP address [?]: 61.139.105.163 Copy [Whois] [Reverse IP]
IP country code: CN
IP address country: ip address flag China
IP address state: Sichuan
IP address city: Zigong
IP address latitude: 29.4000
IP address longitude: 104.7833
ISP of this IP [?]: CHINANET Sichuan province network
Organization: Zigong Sciences Informations Academe
Local time in China: 2009-05-23 18:45

Somebody is scanning your computer.
Your computer's TCP ports:
6051, 8888, 11825, and 808 have been scanned from 61.139.105.163.and now i scann him retourn,more we can not make!!!

http://www.softpedia.com/get/Network-Tools/Network-IP-Scanner/Local-Port-Scanner.shtml

Your computer\'s TCP ports:
7212, 6051, 8888, and 808 have been scanned from 61.139.105.163..

Someone stop this chinese nimrod! He's getting more dangerous now as he's switched to hacker mode.

Somebody is scanning your computer.
Your computer\'s TCP ports:
7212, 6051, 8888, and 808 have been scanned from 61.139.105.163..

Port scanning nearly every day this May.

Trying to gain access/Hacking into my computer

Scanning port once again...

Could this be one of many Chinese government approved hackers attempting to attack the US through Internet terrorism? he scanned me several times, over and over again. Each time my firewall held up and blocked him. He needs to be stopped.

This IP scan my ports about 2 times a day but blocked by my FW appliance. The firewall detected a "scan port".

port 1025, 3127, socks, http, 9000

Von: xxx@web.de [mailto:xxx@web.de]
Gesendet: Montag, 18. Mai 2009 03:43
An: xxx@web.de
Betreff: NETGEAR *Security Alert* [BC:D3:B5]

Is scanning remote access ports: 9090, 9000, 2301, 8080, 3128, 9090, 9000, 2301, 8080, 3128, 8090, 8000, 8118, 1080, 1025

I have been on DMZ. Suck my firewall!

This person is scanning me about 10 times a day now. It has gradually increased over the last month...

61.139.105.163 tried to get into my computer while I was online banking. This is nuts. He/she needs to be arrested for this. Obviously I am not the only one he/she is trying to hack.

This a$$hole is scanning my ports once again!!!!!

another fuc%§ng chinese ba$tard !

after his atac i have found mh690??????? [ Login ]


DNSRight.com

Welcome

Welcome to DNSRight.com Here you will find all your dns and networking tools, for free. Please request a tool or provide some feedback dnsr @ dnsright.com
Lookup here you can scann him retourn !!!!!!!!mfg.to all

after his atac i have found mh690??????? [ Login ]


DNSRight.com

Welcome

Welcome to DNSRight.com Here you will find all your dns and networking tools, for free. Please request a tool or provide some feedback dnsr @ dnsright.com
Lookup here you can scann him retourn !!!!!!!!mfg.to all

All of the above cmts

What is the deal with 61.139.105.163? Located in China? Not surprised, freak!

Is anybody working on this to stop them?

No.001 Sun, 2009-04-19 07:29:19 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.002 Sun, 2009-04-19 07:29:20 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.003 Sun, 2009-04-19 07:29:21 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.004 Sun, 2009-04-19 07:29:22 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.005 Tue, 2009-05-05 21:12:47 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.006 Tue, 2009-05-05 21:12:48 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.007 Tue, 2009-05-05 21:12:49 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.008 Tue, 2009-05-05 21:12:49 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.009 Wed, 2009-05-06 10:35:28 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN] No.010 Wed, 2009-05-06 10:35:28 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.011 Wed, 2009-05-06 10:35:29 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.012 Wed, 2009-05-06 10:35:29 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.013 Thu, 2009-05-07 01:32:16 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.014 Thu, 2009-05-07 01:32:17 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.015 Thu, 2009-05-07 01:32:17 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.016 Thu, 2009-05-07 01:32:18 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.017 Thu, 2009-05-07 20:01:57 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.018 Thu, 2009-05-07 20:01:58 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]
No.019 Thu, 2009-05-07 20:01:58 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN] No.020 Thu, 2009-05-07 20:01:59 - TCP Packet - Source:61.139.105.163 Destination:80.229.***.*** - [Firewall Log-PORT SCAN]

2009-05-01 15:57:30 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-01 15:57:31 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-01 15:57:31 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-02 16:32:06 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-02 16:32:07 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-02 16:32:08 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-02 16:32:08 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-03 07:57:25 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-03 07:57:25 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-03 07:57:26 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-03 07:57:27 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-03 13:00:32 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-03 13:00:33 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-03 13:00:33 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 05:36:00 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 05:36:00 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 05:36:02 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 05:36:02 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 18:50:40 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 18:50:40 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 18:50:41 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-04 18:50:42 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-05 05:42:42 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-05 05:42:43 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-05 05:42:43 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-05 05:42:44 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-05 22:30:14 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-05 22:30:15 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-05 22:30:15 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-06 11:56:26 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-06 11:56:26 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-06 11:56:27 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-06 11:56:28 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-07 02:49:15 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-07 02:49:16 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-07 02:49:17 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-07 02:49:17 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-07 21:24:09 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-07 21:24:09 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]
2009-05-07 21:24:10 - TCP Packet - Source:61.139.105.163 Destination:80.126.xxx.yyy - [Firewall Log-PORT SCAN]

Being scanned basically once a day by this jerk for the past week...will he ever give up?

Damn thing said I had the security code wrong, so I try 3 times, give up... and realise it's worked.

SORRY!

Naughty 61.139.105.16, leave my ports alone.

I wonder if it's blind scanning or if something is giving away my online-yness... hmm.

Naughty 61.139.105.16, leave my ports alone.

I wonder if it's blind scanning or if something is giving away my online-ness... hmm.

Naughty 61.139.105.16, leave my ports alone.

I wonder if it's blind scanning or if something is giving away my online-ness... hmm.

over 7 port scans a day I will being emailing visa@chinese-embassy.org.uk to report this act and demand action.

Firewall blocks every time, but 46 scans from this joker in 5 weeks is beyond a joke.

but you can't come in. This a$$hole has been beating on my sonicwall for months. Reported him to Comcast but they still haven't blocked him.

I'd love to see one of those drones over the Pakistan mountains get diverted just once and drill this sob!

Three reports from my router of portscan activity from this address, one per day. Report only comes in once per day.

He's still at it.

Can we overwhelm the email addy associated with the IP address on whois with protests or something?

This guy must be mass scanning huge address ranges. I've changed IP address twice and he's still scanning me.

Hitting me.

61.139.105.163 The guy scanning my port since 3 weeks

Sorry. Btw. it seems Zonealarm is only picking up portscans on 8080.

This jackass is trying for weeks now to find a hole in my defense. There is one thing I don't understand: I'm on a netwerk and the router (SpeedTouch) reports that it blocked a series of port scans coming from this ip-address. Nonetheless on one computer (of a total of five) in my network, Zonealarm keeps popping up, telling me it has blocked Internet access to my computer. Does this mean my router is despite what it is indicating in the logs, not blocking all traffic?

This jackass is trying for weeks now to find a hole in my defense. There is one thing I don't understand: I'm on a netwerk and the router (SpeedTouch) reports that it blocked a series of port scans coming from this ip-address. Nonetheless on one computer (of a total of five) in my network, Zonealarm keeps popping up, telling me it has blocked Internet access to my computer. Does this mean my router is despite what it is indicating in the logs, not blocking all traffic?

This jackass is trying for weeks now to find a hole in my defense. There is one thing I don't understand: I'm on a netwerk and the router (SpeedTouch) reports that it blocked a series of port scans coming from this ip-address. Nonetheless on one computer (of a total of five) in my network, Zonealarm keeps popping up, telling me it has blocked Internet access to my computer. Does this mean my router is despite what it is indicating in the logs, not blocking all traffic?

Tried a TCP flood 3 times and was dropped by the firewall.

This attack started 4 days ago on my pc. And I'm getting scanned 2-3 times a day from this 61.139.105.163 we all know and hate by now. The ports scanned so far is: 8081, 6588, 3124, 3127, 8888, 808, 11825.
I/We would not have detected this without our firewalls detecting this, which brings me to wondering, just how many pc's, and in how many countries are these scanning?!? Just by taking a quick look on this page, it is more than 8 countrys world wide! Should we consider this a threat??

This attack started 4 days ago on my pc. And I'm getting scanned 2-3 times a day from this 61.139.105.163 we all know and hate by now.
I/We would not have detected this without our firewalls detecting this, which brings me to wondering, just how many pc's, and in how many countries are these scanning?!? Just by taking a quick look on this page, it is more than 8 countrys world wide! Should we consider this a threat??

Dear Sir or Madam,
>
> Can you please tell me why my computer is being repeatedly scanned from an IP address registered to you? The details of one set of port scans are below, along with my trace in response.
>
> -----
>
> Subject: NETGEAR *Security Alert* [A8:BE:19]
> Date: Sat,2 May 2009 23:12:21 -0000
> TCP Packet - Source:61.139.105.163 - [PORT SCAN]
> TCP Packet - Source:61.139.105.163 - [PORT SCAN]
>
> -----
>
> Host script results:
> | asn-query:
> | BGP: 61.139.105.0/24 and 61.139.96.0/20 and 61.139.0.0/17 | Country: CN
> |_ Origin AS: 4134 - CHINANET-BACKBONE No.31,Jin-rong Street
> | whois: Record found at whois.apnic.net
> | inetnum: 61.139.105.128 - 61.139.105.191
> | netname: ZIGONG-SCINFO-GOV
> | descr: Zigong Sciences Informations Academe
> | country: CN
> | person: Xiaodong Shi
> |_ email: ipadmin@my-public.sc.cninfo.net

This ip 61.139.105.163 is attacking my pc all the time, most are port scans but sometimes is some kind of ddos attack as i get the blue warning screen (crashed pc)

Someone report this ip 61.139.105.163

Many Port-Scans the last two days!

This guy has scanned me 3 times in the last 5 days. Well dodgy.

Hi,

If you want to get rid of this guy, Try changing your Public IP Address. If you have a router, just go into setup menu and select \"Mac Address\" option and \"Clone Mac Address\". If that fails then just use this simple program called TMAC to change your Mac address!! it worked for me! thanks

Hi,

If you want to get rid of this guy, Try changing your Public IP Address. If you have a router, just go into setup menu and select "Mac Address" option and "Clone Mac Address". If that fails then just use this simple program called TMAC to change your Mac address!! it worked for me! thanks

Is 61.139.105.163 misbehaving (engaging in SPAM, brute-force, DOS attack, phishing, or other fraud? Report the abuser now!he have kill my mail and i have scann him retourn!!!he have port21 open!!!!!!

multiple port-scan

(Fr / sorry for my poor english) - Who is that IP(61.139.105.163) who is scannig my LAN since 09-mars-2009 20h15 4 time by day evreyday

(Fr / sorry for my poor english) - Who is that guy who try evry time to scan my lan ? 61.139.105.163

61.139.105.163 keeps port scanning me. It's happening at least 4 times a day. More so in an evening.

Same ports scanned as previous posters at least once per day.

Scanning TCP ports 6051,8888,808, and 8081 have been scanned by 61.139.105.163 in attempt to gain access. Blocked by Sygate firewall.

what is wrong with this person please cant anyone stop it everyday this is happening to me

Another port scan - second in three days. Someone's got to take him out!

Your computer's TCP ports:
6051, 8888, 808, and 8081 have been scanned from 61.139.105.163..

Many more ports scanned as well. Getting really annoyed! Up to 4 scans during 2 minutes.

61.139.105.163 hat mich auch belästigt!nur ist jetzt mein I-mail programm hinüber,musste ein neues instalieren!habe seine ip in meine firewall eingegeben und somit hat er bei mir keine chance mehr!!!!

Scanning ports up to 8 times daily

Multiple scans daily from 61.139.105.163

TCP Packet - Source:61.139.105.163 Destination:81.129.216.6 - [PORT SCAN] TCP Packet - Source:61.139.105.163 Destination:86.133.22.216 - [PORT SCAN]

The Chinese authorities should get there act together and stop these criminals.

ports: 9000, 3128, 8000, 80, 9090, 8080, 8088, 8090, 6588, 2301, ..." time="Wed Apr 22 21:48:39 2009" username="not logged yet"
At this goat it is opened RDP (3389). Similar it is a boat or a virus

Несколько раз сканнировал мой комп, остановлен файерволом.

I reported this issue to my ISP Virgin who weren't prepared to help.
Like everyone else I'm getting fed up of who every this is port scanning my firewall multiple times every day

IDS scan parser : tcp syn scan: 61.139.105.163 scanned at least 20 ports at xxx.xxx.xxx.126. (1 of 1) : 61.139.105.163 xxx.xxx.xxx.126 0040 TCP 12200->3124 [S.....] seq 2472422924 win 8192

so annoying....
TCP Packet - Source:61.139.105.163 Destination:xxx.xxx.xxx.xxx - [PORT SCAN]
Luckily my firewall blocks it, but hey... make em stop that!

blocked by firewall

18Apr09

[Firewall Log-PORT SCAN] No.020 Fri, 2009-04-17 22:25:50 - TCP Packet - Source:61.139.105.163 Destination:80.229.221.130

My (hardware) firewall has reported this IP address for port scanning 4 times in past 24 hours.

I have Zone Alarm and its been blocking this as_ Hole every day at least 20 times a day. here is a list of the ports that were last scanned,8988,8000,27212,2967,888,8081,808,6051,1025,2301,80,3128,8090,9090,6588,3124,8088.All from the IP Address 61.139.105.163 TCP Port:12200. This is EVERY DAY!

What is the risk? How could "he" find me?

Multple scans daily. Usually occur in blocks.

Keeps scanning my ports

firewall has blocked

this ip/person is port scanning my network trying to gain access for hacking

Multiple scans daily from 61.139.105.163.

Full extract here, with my IP Hash'ed out!

Firewall log:

Fri 2009-04-10 20:04:47 TCP flood From 61.139.105.163 port:12200 To 81.109.###.## port:808 droped

This guy could be a pain!

Scans started last weekend and so far last entry in my logs has been Thursday April 9th 23:48 (local time)

This person in China has scanned a few ports. However as the router did not know where to send the packets on the NAT (Network Address Translator) so it dropped the packets. The scan failed to reach my computer so the firewall was silent. I found it wise to have a router even for one PC it acts like an additional NAT firewall. ;-)

[INFO] Wed Apr 08 11:03:51 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:3124
[INFO] Wed Apr 08 11:03:49 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8081
[INFO] Wed Apr 08 11:03:48 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8888
[INFO] Wed Apr 08 11:03:46 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:808
[INFO] Wed Apr 08 11:03:45 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:6051
[INFO] Wed Apr 08 11:03:43 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:1025
[INFO] Wed Apr 08 11:03:42 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8089
[INFO] Wed Apr 08 11:03:40 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8118
[INFO] Wed Apr 08 11:03:38 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:7212
[INFO] Wed Apr 08 11:03:37 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:1080
[INFO] Wed Apr 08 11:03:34 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8088
[INFO] Wed Apr 08 11:03:30 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:2301
[INFO] Wed Apr 08 11:03:27 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8000
[INFO] Wed Apr 08 11:03:26 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:80
[INFO] Wed Apr 08 11:03:24 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:3128
[INFO] Wed Apr 08 11:03:23 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8090
[INFO] Wed Apr 08 11:03:21 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:9090
[INFO] Wed Apr 08 11:03:20 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:9000
[INFO] Wed Apr 08 11:03:18 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:6588
[INFO] Wed Apr 08 11:03:16 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8080

This person in China has scanned a few ports. However as the router did not know where to send the packets on the NAT (Network Address Translator) so it dropped the packets. The scan failed to reach my computer so the firewall was silent. I found it wise to have a router even for one PC it acts like an additional NAT firewall. ;-)

[INFO] Wed Apr 08 11:03:51 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:3124
[INFO] Wed Apr 08 11:03:49 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8081
[INFO] Wed Apr 08 11:03:48 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8888
[INFO] Wed Apr 08 11:03:46 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:808
[INFO] Wed Apr 08 11:03:45 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:6051
[INFO] Wed Apr 08 11:03:43 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:1025
[INFO] Wed Apr 08 11:03:42 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8089
[INFO] Wed Apr 08 11:03:40 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8118
[INFO] Wed Apr 08 11:03:38 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:7212
[INFO] Wed Apr 08 11:03:37 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:1080
[INFO] Wed Apr 08 11:03:34 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8088
[INFO] Wed Apr 08 11:03:30 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:2301
[INFO] Wed Apr 08 11:03:27 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8000
[INFO] Wed Apr 08 11:03:26 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:80
[INFO] Wed Apr 08 11:03:24 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:3128
[INFO] Wed Apr 08 11:03:23 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8090
[INFO] Wed Apr 08 11:03:21 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:9090
[INFO] Wed Apr 08 11:03:20 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:9000
[INFO] Wed Apr 08 11:03:18 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:6588
[INFO] Wed Apr 08 11:03:16 2009 Blocked incoming TCP connection request from 61.139.105.163:12200 to 86.3.97.146:8080

A machine at this IP (61.139.105.163) has scanned ports at my IP (i have a static IP) once every couple of days. My firewall records and blocks this attempt. Is there anything further I can do?

Router firewall just detected a port scan from this ip addy

Still the same. Last attack today from 19:45 to 19:56.

Still the same. Last attack today from 19:45 to 19:56.

Sun, 2009-04-05 18:16:33 - TCP Packet - Source:61.139.105.163 Destination:81.86.248.147 - [PORT SCAN]

Sun, 2009-04-05 00:53:52 - TCP Packet - Source:61.139.105.163 Destination:81.86.248.147 - [PORT SCAN]

Looks like im not the only one..

TCP Packet - Source:61.139.105.163 Destination:81.20.222.17 - [PORT SCAN]

How can we stop it ?

I have traced the IP back to China.

I have sent an email with details of the IP address to the Chinese Embassy in London demanding an explanation and for the person to be stopped.

Why don't you all do the same in your countries? China will have to stop this activity (it could be the Chinese Government doing the Port Scans and DoS attacks).

2009-04-04 19:10:41 Port-Scans by 61.139.105.163 TCP ports:
8118, 8089, 1025, 6051 und 808

Netgear notifies 2 -3 instances a day now for last 5 days.
Pain in the A****

This IP has been port scanning me anywhere from 3-70 times a day between my 4 different WAN IP's.

Vrey annoying. Can't this sort of thing be prevented?

Can somebody or something stop this idiot?
61.139.105.163 scan my network every day... I have a secure firewall, but i hate the idiot!!!

Port scans on my router, so I scanned him back (in China). Seems to be running Win 2003 server which is a bit odd. Anyway, he has RDP running, anyone want to try and guess his password? :O)

Interesting ports on 61.139.105.163:
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1026/tcp open msrpc Microsoft Windows RPC
3389/tcp open microsoft-rdp Microsoft Terminal Service
4444/tcp filtered krb524
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2003|XP (92%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP1 or SP2 (92%), Microsoft Windows Server 2003 SP1 (88%), Microsoft Windows XP SP2 (86%), Microsoft Windows XP SP2 (Norwegian) (85%), Microsoft Windows Server 2003 Enterprise Edition SP2 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=229 (Good luck!)
IP ID Sequence Generation: Randomized
Service Info: OS: Windows

Just started getting this port scan daily. Also started to get phishing emails for UK banks. Related? This lot need to be stopped!

An intrusion attempt on my computer was blocked by my firewall from 61.139.105.163

61.139.105.163 Is very very very annoying, My network is secure, but it's a pain to be doing something and have the You're being scanned and a window pops up. The ports it scan for so far are, 3128, 8090, 8000, 8088, 8080, 6588, 9000, 2301, 7212, 1025, 808, 6051, 8888. It seems to scan no more than 4 ports each time, and it's on a rolling list, 1 port usually carries over from the last scan. I know it's not a big problem, but it is annoying.

Kept getting emails from my router teling me of port scans from this IP address 61.139.105.163 googled it and found this site

This could be an infected machine, as it is running Windows 2003. I simply performed an NMAP scan against him, but I am wondering if anyone has performed any other scans to see if there are any known holes to speak with this person's machine? Just curious.

Been scanning me the last few days too. I see I'm not the only one.

This IP is constantly port scanning, My ISP will do nothing about it (Tiscali) have blocked it through my firewall on all inbound (TCP) with IP range 61.139.105.112 - 191, hope this helps

Our router has sent us reports daily for the past few days, saying that we are receiving port scans from 61.139.105.163

Does anyone know how to stop it? We are really worried about this!

Intrusion.Win.MSSQL.worm.Helkern

Intrusion.Win.MSSQL.worm.Helkern

Scanning started about 4-5 days ago, stopped by Firewall. Stop this idiot.

My router reports this guy scanning 8081 once a day for the past 5 days. I am trying to figure out how to block him. I have a Netgear router.

Router reports port scan from address 61.139.105.163. Activity shows multiple scans for the past 3 days. Previous scans from this address logged.

since 26 of March, typical message from my routeur :

NETGEAR *Security Alert* [FD:BF:7D]


TCP Packet - Source:61.139.105.163 Destination:83.113.187.162 - [PORT SCAN]
TCP Packet - Source:192.168.0.2,1788 Destination:209.85.227.113,80 - [BLOCK]

Multiple port scans from 61.139.105.163 in the last 72 hours.

Portscan. virus scan blocked him.

PROBLEMS PC Bilgium.
is scanning port on my firewall twice
or more a day for past 4&5 weeks

waht can be done?????????

Has tried multiple port scans on my router over a couple of days. Believed stopped by router firewall.

Has tried multiple port scans to my corp laptop since I have been checked in at a hotel. Denied by our firewall.

61.139.105.163 just scanned my port-but was stopped by the firewall.

frequent port scanning here too.
gotta check now if intrusion succeeded, cause obviously these guys are pro's. www.ip-adress.com reports that its:
Zigong Sciences Informations Academe.
cheers :/

Can anything be done to stop him or it?

What can be done to stop 61.139.105.163 from attempting fraudulent activity?

Hey there,

I checked the logs on my firewall and recognized the the port scans start on 2009/03/09 .. and still scanning the same ports (9090, 8080, 3128, 7212, 1080, 8118, 3124, 6588, 8000).

My IDS also recognized that \"something\" unuasl tried to connect to my host from port 8110 to port 6031. Reason seems to be a trojan \"BACKDOOR fkwp 2.0 runtime\".

Can anybody check his logs and affirm that he has similar detection ..

cheers

(first excuse my bad english)
I do not really know how my Linux Mandriva 2009.0 works, but here is what happened today:
Just after I turned my computer on, the firewall warned me of someone trying to scan my ports.
I set my firewall on automatic mode (till now, the only way to stop it I could find) and put this IP in a my firewall's black list.
About at the same time, my computer told me there were avaible updatings. I did not update at this moment.
I wanted to check something I suspected yesterday and restarted my computer.
Here is the situation:
-My firewall's automatic mode is set off again.
-The IP has disappeared from the black list.
-When I ask manually for updatings, nothing is found...
From now, I will set the automatic internet connection to "off" till I get some explanations.

several times i have caught this ip address 63.139.105.163 scanning my pc fortunately linux firewall has stopped him something should be done about this muppet or maybe do a denial of service on him and give him a taste of his or her own medicine

I too am sick to death of this IP port scanning me multiple times daily.

...and was stopped by my computer.
Date: 2009-03-22 (15:32 to 15:34)

61.139.105.163

these portscan attacks have been prevented by software on my computer

Can't anyone stop this person from what he is doing? Surely something can be done?

5 attacks in 3 days
i have been on this address for months
just started on the 18th

I'm gettting around 3-15 perday scans from this IP too. Wonder if it's a botnet JUmp point

Is scanning my ports since days, every three hours...

2-3 ports, multiple times daily... China sucks

3 Time every day Portscann.

"Your computer's TCP ports:
8118, 808, 8888, and 1025 have been scanned from 61.139.105.163.."

Stop this idiot

For the second time in 24 hours, this IP carried out a port scan on my system.

Router Firewall detected port scan at 19:42 hrs by 61.139.105.163 last night

I maintain several Firewalls with an intrusion detection mechanism. Daily I receive from all these firewalls alert messages (portscans) from this IP-Adres

Firewall component of router sending immediate alert log for scanning my ports! >:( Someone must block this IP address for good, he doesn't deserve internet access!

Can somebody or something stop this idiot from scanning other peoples computer: 61.139.105.163

03/17/2009 11:35:55.416 - Possible port scan dropped - Source:61.139.105.163, 12200, WAN - Destination:hi.d.d.en, 6588, WAN - TCP scanned port list, 9090, 9090, 8000, 8000, 7212 -

Can somebody or something stop this idiot from scanning other peoples computer: 61.139.105.163

03/17/2009 11:35:55.416 - Possible port scan dropped - Source:61.139.105.163, 12200, WAN - Destination:hi.d.d.en, 6588, WAN - TCP scanned port list, 9090, 9090, 8000, 8000, 7212 -

Can somebody or something stop this idiot from scanning other peoples computer: 61.139.105.163

03/17/2009 11:35:55.416 - Possible port scan dropped - Source:61.139.105.163, 12200, WAN - Destination:hi.d.d.en, 6588, WAN - TCP scanned port list, 9090, 9090, 8000, 8000, 7212 -

Scanning my ports as well. My Linux firewall has blocked him as well.

This ... guy is scanning my port twice daily,

Scanned our entire firewall IP with 10 counts on each port. Firewall blocked the attack. There might be more attacks in the future however.

61.139.105.163 is scanning ports at least twice daily. Scanning interrupted by Firewall

This guy is trying to Port scan me several daily.

61.139.105.163 The guy scanning my port

Asshole scanning my port!!!!!
time: 16.00 hours
Situation: The IP adress was blocked by my firewall

61.139.105.163
The guy scanning my port !!!