6th February 2012
Zyos
I think my laptop is updating an attacker with my IP?

I am baffled. I have a laptop here next to me acting as a web server. It is connected to the internet using a NAT'ed router. I have a dynamic IP address which I have changed multiple times in order to get this IP here, 58.218.199.147, to leave me alone.

So far the only way I have gotten them to stop scanning my ports is to either edit pf.conf and block everything in all directions or unplug the machine entirely. I can't seem to find anything unusual showing up in pflog.

If I open up the ports www, domain, and https on the server and use the router to block all access to it, I still end up seeing things like this appear in its logs several times a day.
Code:
[DoS Attack: ACK Scan] from source: 58.218.199.147, port 80
[DoS Attack: ACK Scan] from source: 58.218.199.147, port 443

If I open the ports via the router so that people can visit my website, all sorts of crazy things start happening. 58.218.199.147 and one of its sister IPs, 58.218.199.250 or possibly 221.174.50.137, start accessing the server on a regular basis and a bunch of different IPs start attacking me. I have been WinNuked, IMAP scanned, ACK scanned, RST scanned, and Null scanned from all sorts of IPs all over the world in obvious patterns. I haven't told anyone there is a web server here.

This computer has been compromised before when it had Windows on it, but since then it's been wiped and reformatted several times. I believe my computer may still be compromised somehow, but I don't know what to do about it. My other machines don't appear to do this; however, one is new and the other has had its hard drive replaced.

I'm fairly new at all of this and have no idea what to do next. Does anyone know what's going on?