
Thread: Chinese IP Block.

  1. #1
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2

    Chinese IP Block.

    Where was it on this site that I saw a page to get a list of all Chinese IP addresses or which topic was the link to it posted in? I can't find it.

  2. #2
    Join Date
    Jul 2002
    Location
    JNB, ZA
    Posts
    1,774

  3. #3
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    Quote Originally Posted by bdh
    Just which link is the path to that from the home page or another page?

  4. #4
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    My other question was how often is that list for China updated?

    One can block them all and get tons more every day from firewall logs that block illicit packet traffic.

    And, if it is updated all the time why does APNIC continue to issue IP addresses to China when the first thing that happens is that they are employed to send illicit packets to millions of US IP addresses?

    Then somehow they know the new IP's are being blocked then you just keep receiving more and more and more because for some reason that piques their interest and even then they must somehow know you are online and that your IP address is valid regardless of your computer's lack of responses. Many times it is a matter of seconds before they come up with a new one that is not on the official block list or a minute or so and it goes on and on and on.

    Since the comp is free of evilware that means they are sniffing traffic in other places to know your IP address is active so ignoring or dropping their packets does no good and they just hit you harder.

    Since they just keep hitting you more even when they get zero responses that means they are tapped into something else that tells them that you are protected, firewalled, routered or whatever so it makes one wonder just which in/out source they are sniffing to know that you are active but protected instead of offline.

    After a while this makes the internet connection useless because it has the same end result as a website being under a Denial of Service attack.

    I have found out that blocking them only increases their interest in the blocker and it doubles or triples the packet traffic and always from new Chinese IP addresses in succession.

    So they are either gaining new IP's for this purpose on a daily basis or the list is just plain wrong and is woefully incomplete or whoever is issuing them new IP addresses is keeping that complete list from the general public.

  5. #5
    Join Date
    Jul 2002
    Location
    JNB, ZA
    Posts
    1,774
    Quote Originally Posted by napsnsnacks
    Just which link is the path to that from the home page or another page?
    From that site's home page as well as from www.webnet77.com
    Time's up

  6. #6
    Join Date
    Jul 2002
    Location
    JNB, ZA
    Posts
    1,774
    Quote Originally Posted by napsnsnacks
    My other question was how often is that list for China updated?
    The entire DB is updated every 24 hours. The only one that updates that often as far as I know.

    One can block them all and get tons more every day from firewall logs that block illicit packet traffic.
    There are several other lists you probably want to get on a daily basis. Three that come to mind are:
    http://feeds.dshield.org/block.txt
    http://www.spamhaus.org/drop/drop.lasso
    http://www.cymru.com/Documents/bogon-bn-agg.txt

    And, if it is updated all the time why does APNIC continue to issue IP addresses to China when the first thing that happens is that they are employed to send illicit packets to millions of US IP addresses?
    I have no idea. Probably because they have a propensity for port scans and DoS attacks and because they have a high percentage of bored teenagers.


    Many times it is a matter of seconds before they come up with a new one that is not on the official block list or a minute or so and it goes on and on and on.
    These symptoms are typical of a zombied machine.
    Time's up
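The daily routine bdh and napsnsnacks are describing above, as an added example that is not part of the thread and is not tooling from any of the feeds bdh lists: pull today's copy of a range list, see what changed against yesterday's copy, load it into the firewall atomically, and then run the firewall's own drop log against it to find the "tons more every day" that the list does not cover yet. The two list snapshots, the log lines and the set name `blocklist` are all constructed for the example; real feeds each have their own layout, so the parser only accepts plain CIDRs, start-end pairs and bare addresses with `;` or `#` comments, which is what a list looks like after it has been converted. The `ipset`/`iptables` commands are real utilities but are only produced as strings here, nothing is executed.

```python
"""Daily block-list refresh: parse, collapse, diff, emit ipset commands, and
find firewall-log sources the list does not yet cover.

Added example; every list entry and log line below is constructed, not real data.
"""
import ipaddress
import re
from collections import Counter

# Constructed "yesterday" and "today" snapshots of a country/threat range list.
# Comments after ';' or '#' are ignored; a line may be a CIDR, a start-end pair
# or a single host.
YESTERDAY = """\
# constructed sample, not a real feed
1.2.3.0/24 ; sample entry
5.6.0.0/16
203.0.113.0/25
"""

TODAY = """\
# constructed sample, not a real feed
1.2.3.0/24 ; sample entry
5.6.0.0/16
203.0.113.0/25
203.0.113.128/25
198.51.100.0-198.51.100.255
"""

# Constructed iptables LOG-style lines from a host's own DROP rule.
LOG_LINES = [
    "Dec 23 06:52:01 gw kernel: DROP IN=eth0 OUT= SRC=1.2.3.77 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=1433",
    "Dec 23 06:52:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.200 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=445",
    "Dec 23 06:52:03 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=22",
    "Dec 23 06:52:04 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=6001 DPT=22",
]

_SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_ranges(text):
    """Return IPv4Network objects from a plain-text range list.

    Malformed lines are skipped instead of aborting, so one bad line in a feed
    does not leave the firewall with no list at all.
    """
    nets = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].split("#", 1)[0].strip()
        if not line:
            continue
        try:
            if "-" in line:
                start, end = (ipaddress.IPv4Address(p.strip()) for p in line.split("-", 1))
                nets.extend(ipaddress.summarize_address_range(start, end))
            else:
                nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            continue
    return nets


def collapse(nets):
    """Merge overlapping and adjacent networks: fewer rules, same coverage."""
    return sorted(ipaddress.collapse_addresses(nets))


def covered(ip, collapsed):
    """True if the address falls inside any network of the collapsed list."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in collapsed)


def diff_lists(old_text, new_text):
    """Entries newly covered by today's list, and entries that dropped out."""
    old, new = collapse(parse_ranges(old_text)), collapse(parse_ranges(new_text))
    added = [n for n in parse_ranges(new_text) if not any(n.subnet_of(o) for o in old)]
    removed = [n for n in parse_ranges(old_text) if not any(n.subnet_of(o) for o in new)]
    return sorted(added), sorted(removed)


def ipset_refresh_commands(collapsed, setname="blocklist"):
    """Commands for an atomic refresh: fill a scratch set, then swap it in.

    Returned as strings only; the set name is an assumption for the example.
    """
    tmp = f"{setname}_new"
    cmds = [f"ipset -exist create {setname} hash:net",
            f"ipset -exist create {tmp} hash:net",
            f"ipset flush {tmp}"]
    cmds += [f"ipset -exist add {tmp} {net}" for net in collapsed]
    cmds += [f"ipset swap {tmp} {setname}",
             f"ipset destroy {tmp}",
             f"iptables -C INPUT -m set --match-set {setname} src -j DROP 2>/dev/null"
             f" || iptables -I INPUT -m set --match-set {setname} src -j DROP"]
    return cmds


def unlisted_sources(log_lines, collapsed):
    """Count dropped-packet sources the current list does not cover.

    These are review candidates, not automatic additions: a noisy source can be
    a spoofed or shared address.
    """
    hits = Counter()
    for line in log_lines:
        m = _SRC_RE.search(line)
        if m and not covered(m.group(1), collapsed):
            hits[m.group(1)] += 1
    return dict(hits)


if __name__ == "__main__":
    added, removed = diff_lists(YESTERDAY, TODAY)
    print("added since yesterday:", [str(n) for n in added])
    print("removed since yesterday:", [str(n) for n in removed])
    current = collapse(parse_ranges(TODAY))
    print("\n".join(ipset_refresh_commands(current)))
    print("log sources not on the list:", unlisted_sources(LOG_LINES, current))
```

The swap-based refresh matters for a list that changes every 24 hours: flushing and refilling the live set would leave a window with no coverage, whereas `ipset swap` replaces the contents in one step. The diff output is what tells you whether a source that hammered you yesterday is on today's list or still needs a local rule.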

  7. #7
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    It's a shame though that no entity or group or law enforcement or government cares to do anything about it because only rarely do they get a perpetrator but yet the same ISP's in China have been at the top of the malicious user list for years and years. Even mass global complaints about how their abuse@email is a worthless contact and billions of complaints have been sent.

    Under these conditions one would think that the IP issuers owned the IP holders and the IP holders owned the IP issuers and both owned and shut the mouths of every one else that could do something about it.

    It is a dead end with both of them because neither are responsible, no one is which is why the internet is a free for all (minus ISP fees) criminal cesspool.

    New laws should be thrown in the face of two interests.

    1. Those who issue IP addresses because their revenue comes from the membership money provided by those who rent their IP's from them but yet are not legally responsible for what those IP's are used for. Make them responsible and you'll see how fast things change. Have them revoke the IP's issued that have many complaints against them because they were used maliciously. At some point the malicious user will just log in and be issued another IP address, revoked, on and on, revoked till the one renting the IP's will sock it to the malicious customer. After a while the ISP will then have the motivation to start monitoring their own servers for outgoing trash while currently they do nothing except plug it in and let the turnkey software run the show.

    2. ISP's because their customers pay them in perpetuity to maliciously use the IP's issued to them and the ISP does not care nor is legally responsible. As far as malicious use goes there is no harm or foul in forcing them to be internet cop because they get the brunt of profits from this malicious use from their customers.

    Hit both the IP issuers and the IP holders with legal responsibility. Especially the ISP's because they have a business license and this goes on one level under that license.

    Order them to shut off the zombies, cut off the port sniffing traffic, drop known malicious packets/requests, et al, or face fines or lose their license.

    Net neutrality does not include malicious use.

    The money flows to the top but NO ONE in the chain of command of IP's is responsible and that to me is nothing but a racket.

    How long really can the internet go on like this before it is completely taken over from top to bottom by malicious interests?

    To me it already has but no one is responsible for it.

    The IP issuers enable the ISP's in exchange for money and the ISP's enable their malicious users in exchange for money for years and years and years with no accountability so threaten their money and they will clean up their servers and their customer base so fast you'd think that...
    Last edited by napsnsnacks; Dec 23rd 2008 at 06:52 AM.

  8. #8
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    I forgot to mention that ISP's always like to say that they are not and should not be a firewall for their customers (which leads me to believe that they really don't know what they're doing thus are dependent on automated software and an on call remote access tech if a glitch pops up or in person for a hardware failure) but that doesn't have much value when this mess is THEIR BABY because it comes from an ISP customer TO an ISP customer and crosses both ISP's servers.

    If each one of them are forced by law to block OUTGOING trash then...

  9. #9
    Join Date
    Jul 2002
    Location
    JNB, ZA
    Posts
    1,774
    Quote Originally Posted by napsnsnacks
    It's a shame though that no entity or group or law enforcement or government cares to do anything about it because only rarely do they get a perpetrator but yet the same ISP's in China have been at the top of the malicious user list for years and years. Even mass global complaints about how their abuse@email is a worthless contact and billions of complaints have been sent.
    You are absolutely right! If one of our IPs gets reported for spam (even if it is not a legit complaint!) we are generally given 24 hours or less to fix the "problem" or get that server unplugged [for good]! It's excessive and a complete overkill considering that if that same server was in China, Brazil or a dozen other places, it could merrily keep sending out spam forever with no chance of "retribution".

    Data centers (generally but not all) in "Western" Europe, US and even Australia and South Africa are ultra strict while the rest seem to have little to no rules at all. IANA is the central body that issues all internet numbers to the various registries. However, they leave it to the registries and service providers further down the feeding chain to manage those IPs responsibly. And that's exactly where the problem lies: Some providers regard just one spam report as the end of the world whilst others think that all spam reports are a waste of time and should be ignored.

    I believe this stems from one root problem: It's called the CAN-SPAM Act of 2003. More here http://www.ftc.gov/spam/ and http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003

    Until the likes of China [and others] actually adopt this as legislation [very unlikely], the world is subject to two standards:

    1. Countries with no standards
    2. Countries with ridiculously strict standards.

    Now here's the rub - by far the largest number of spam emails originate on servers in the US which have either been compromised (hacked) or where the end user PC has been compromised and it is used to send spam (through a US based) server. Now there's irony for ya!

    Bottom line is until the whole world agrees to play by the same rule book, this won't go away.
    Time's up

  10. #10
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    Quote Originally Posted by bdh
    You are absolutely right! If one of our IPs gets reported for spam (even if it is not a legit complaint!) we are generally given 24 hours or less to fix the "problem" or get that server unplugged [for good]! It's excessive and a complete overkill considering that if that same server was in China, Brazil or a dozen other places, it could merrily keep sending out spam forever with no chance of "retribution".

    Data centers (generally but not all) in "Western" Europe, US and even Australia and South Africa are ultra strict while the rest seem to have little to no rules at all. IANA is the central body that issues all internet numbers to the various registries. However, they leave it to the registries and service providers further down the feeding chain to manage those IPs responsibly. And that's exactly where the problem lies: Some providers regard just one spam report as the end of the world whilst others think that all spam reports are a waste of time and should be ignored.

    I believe this stems from one root problem: It's called the CAN-SPAM Act of 2003. More here http://www.ftc.gov/spam/ and http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003

    Until the likes of China [and others] actually adopt this as legislation [very unlikely], the world is subject to two standards:

    1. Countries with no standards
    2. Countries with ridiculously strict standards.

    Now here's the rub - by far the largest number of spam emails originate on servers in the US which have either been compromised (hacked) or where the end user PC has been compromised and it is used to send spam (through a US based) server. Now there's irony for ya!

    Bottom line is until the whole world agrees to play by the same rule book, this won't go away.
    Fighting spam is good, real good, it shows some initiative at least but they were horribly a day late and a dollar short but still at least they did something.

    Spam is just the beginning. Spammers use their own computers with spamming software. The malicious spammers compromise as many computers as possible in order to send spam.

    It is the techniques these malicious interests use to go about that (not only spam but DOS attacks) that needs to be addressed so I'll talk about that later...

  11. #11
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    Later...

    Many millions of computers are compromised and are zombies for the malicious operators right? OK, the operator's ISP and the ISP of all those compromised computers pay their ISP's right?

    If ISP's were ordered to shut off this flow of traffic or lose their IP's or face fines look how much revenue would be lost coming into the hands of the ISP?

    Whoooaaa, that's a lot of money. Money talks so malicious users and compromised computers walk, that explains that which is also why the ISP customer on the other end has to suffer the consequences.

    Then what happens? Billions of dollars in firewall software are purchased before a decade or two later it comes stock issue with Windows that takes 98% of the OS market.

    Whoooaaa, that's a lot of money.

    Sometimes I tend to think that it may be the lobbyists for the third party software industry that does not want regulation on ISP's to stop trash traffic at its source (the ISP) so that they can sell billions of dollars in software, software that is subverted everyday and is useless until it is updated/patched. Meanwhile they have your money and you're feeling good about it.

    To me that is using retail software to cover what should have been from the very beginning the ISP's responsibility to block known trash.

    To a large degree it is the computer users' irresponsibility which is why I think Microsoft covered part of the incompetence by having a firewall built into Windows.

    That only goes so far as with other firewalls.

    Both of their software is subverted on a regular basis, they patch it/fix it, it's subverted, they patch it/fix it, it's subverted, they patch it/fix it, it's subverted, on and on till one of these days the code bloat for a firewall will need its own hard drive and Windows will need 3 and several terabytes of RAM to support it all.

    There really is no security because it forever has a "hole" in it. This is why people never cease losing their personal data, while networks are forever compromised and why OS's are continually controlled maliciously remotely.

    Computer security and safety is all an illusion because they will just find another way in and you got all those victims until it's fixed, over and over and as such nothing ever changes and it's just as insecure as the day it all started.

    The only thing that has really been secured is the bank accounts of those running the show.

    For all the "holes" and subversion and cracks and hacks and compromised computers and people without firewalls and this and that and the other, all of that or at least most of that, comes to a screeching halt if ISP's were required to stop the malicious traffic at the server.

    A new subversion? A new malicious method? A new hack? Too bad, it stops at the server and it stops there looong before any patches or fixes come out. That protects the internet network as a whole, it protects the integrity of the internet itself as if it were a computer in its own right (actually it is, see ***) instead of depending on a customer to have protection or trust them not to be malicious.

    In reality (compared to some tech think tank somewhere) it cannot be stopped on either end, computer to computer, but it can be stopped in the middle.

    That is where the fight front should move to, by force of law if necessary, because depending on computer users to have firewalls and anti-malware software or not to use computers for illicit purposes is at least a 20 year old pipe dream and as such all computers and all networks are wide open and will forever be in that condition and that includes home, corporate, private and government systems and look at the billions of dollars that have been made off of that quaint little system both on the software side and the criminal side.

    One would think it was a conspiracy.

    *** The internet is the largest and most powerful super computer in the world. Some interests come along and they have their super computers competing with others. Actually they are only in second and third place and when they plug it in online they just make the #1 super computer bigger.

    Would these creators leave their super computers to be compromised? No. Neither should the internet be compromised, an internet which is one big super computer and if the attitude of protection applied to it just like it applies to 1 CPU in some home or office then that would only be proper.

    Currently, the largest super computer in the galaxy only has subsystem protection and even at that it's spotty. It is millions and millions and millions of subsystems grinding against each others will and those in the middle are making billions off of that as if this was all one big convenience for them.

    If all the subsystems of your CPU functioned like that you would never get past the Blue Screen Of Death but that is what the internet itself has become, one big conflict of subsystems.

    Each OS has its garbage collection function. The super computers of the world do too but the largest super computer in the universe has no garbage collection function and it just keeps heaping and heaping until one of these days it's going to have a nervous breakdown.

    This galactic super computer can be protected at the server and that requires ISP's and IP issuers to become accountable or step out of the way so that the internet, a computer in its own right, can move into the next generation.

    For all the billions that ISP's rake in it is long overdue that they started acting like a part of the larger computer instead of being neither here nor there.

  12. #12
    Join Date
    Jul 2002
    Location
    JNB, ZA
    Posts
    1,774
    I hear you. Lots of good issues raised. Many of them entire topics on their own. This thread could potentially become hundreds of discussions - all valid and all relevant. This is a h-u-g-e topic and an equally large problem. Many people don't see that or know it (or just ignore it?). Take your pick.

    ... But it won't make the problems go away and they will only get worse in time. That is the one constant.
    Time's up

  13. #13
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    Quote Originally Posted by bdh
    Many people don't see that or know it (or just ignore it?).
    Both. Most know there is a big problem but ignore it since they know trying to address the matter in the positive is a waste of time so they either quit the internet, put up with it or try to work around it.

    I would love to be the Premier or the President or the Emperor or whatever.

    The first thing I would do is talk to whatever criminal justice service that existed under me and I would slap all of them with criminal charges of aiding and abetting.

    It's not like they don't know what's going on. They know all too well what is going on. They just don't care because there isn't anything or anyone making them responsible. Lacking that I would use existing laws against them.

    Take landlords and property management services for example. Drugs could be dealt out of and on their property but that doesn't mean that the owner would know that. After a while and after a few arrests both the police and the property owner see the established pattern of recurring illegal activity on the property.

    That can only go in circles for so long and they will lose their license to run rental property because it is established that they know full well what is going on but don't care what their property is used for or who they rent to as long as they get paid the rent money.

    They know all about it and they are getting paid so that makes them complicit, it makes them enablers by providing a safe haven that is only accessible by a warrant or a dire immediate need requiring the police enter the property which supersedes a warrant due to an emergency.

    Same premise, different set up since the ISP is the landlord and the malicious ISP customer is the dope dealer and as long as the money is flowing they have a nice relationship.

    Trouble is in comparison, there is nothing threatening their license as it would the landlord.

    abuse@whateverdomain is like the landlord telling the cops, "Hey, yeah I know all that so that's between you and them since you got no proof I'm doing it." or better yet, abuse@whateverdomain is an absentee landlord.

    There is just as much opportunity for corruption between the tenant and the landlord as there is between an ISP and a criminal interest.

    The landlord (potentially a criminal himself), knowing that he is not responsible for the crimes of another, can use that rental as a front operation while he supplies the dope just like an ISP that may have some criminal interest can tell someone who knows how to go about doing that, "Hey, sign on as a customer, use my IP's, and go through a couple proxies and we are both in the clear." Or, "Hey, you can spoof my IP's while you use another ISP because I'm not responsible for what any IP's that are issued to me are used for so I just have to tell the ones complaining that, "I'm not responsible because someone is spoofing my IP's, sorry, can't help you."

    If the same ISP's and the same IP addresses are guilty month after month and year after year that suggests that there is a relationship between the ISP and the malicious user. Even worse as far as it goes in China since the government owns all ISP's. That ownership alone invokes images of a government sanctioned global spy and theft operation.

    Another thing that suggests complicity is that you can be under attack the very second you log onto the ISP server and before you ever make any outgoing connections. That means that all the IP's belonging to the ISP are under constant sniffing. The ISP knows that because they are sending back millions of undeliverable responses or are simply dropping the packets that are sent to their IP's that aren't even in use yet but will be in a minute, or ten minutes. They know they are passing this trash directly to the customers computer the second that they log on.

    That is why they should play the role of a partial firewall (they are not required to police their own network which is a long known failed policy) because it is not like their IP's are not under attack when you log on and you get unsolicited packets once in a while. This is a situation where they know that IP is under attack and knowingly give it straight to the customer when they log on.

    As long as they know that IP they are going to issue to a customer is under attack before they even give the customer that IP, that is contributory in my opinion and as far as I am concerned it is also culpable because they are knowingly complicit with such traffic regardless of whether they are in on some kind of scheme or not.

    It's not like you get illicit traffic to your computer once in a while after logging on since that is common everywhere. This is a situation where the ISP knowingly pipes this garbage to the customer. So, what is stopping the corrupt ISP from telling the malicious interest that they could be working with to scan them all continually that way you don't miss one when we log them on? Nothing.

    Another thing that suggests complicity is that I have had several fights with these hackers or call them whatever you want recently and the only way they could be hitting me so hard is if they are actually tapped into the ISP server because I can be shutting them out as fast as they keep coming in, then I can log out, log back in with a different IP address and there they are. How? The only way they could know it is me is from my log in credentials or every IP the ISP has is under continual attack whether it has been issued or not.

    To know that they have to be in on the ISP server in real time so they either hacked the server software (maybe a back door to it since the customer really never knows where ISP's get their turnkey software or who wrote it) or these two are working together, possibly even be one and the same. Even a corrupt remote Admin for the ISP could do the same thing.

    They had me tagged in real time even if I did log out and change IP addresses. The server could even be infected with an invisible root kit that would know these things in real time. Since it was IP's registered to China that were attacking me I can only assume these IP's are being spoofed or these Chinese using these IP's somehow have full access to my ISP's server.

    Having some kind of access to my ISP's server is plausible because in the last two fights they got inside my OS, turned off the firewall, changed the firewall settings though I won't say which firewall. If they can do that then they can get in the ISP server brains especially when ISP's rely so much on automated and unattended software which is publicly available for the malicious to buy or better yet to create "holes" in it or reverse engineer it. I suppose it could only get worse if low level resellers were using server freeware they got off the net.

    (also I had blocked the IP range of a company headquartered in Pittsburgh that was changed to allow instead of deny. I had shut them out last month because their hits on my computer were wrecking my internet connection so I guess that made them mad or suspicious that I may be some tech protecting something, so they and these Chinese IP's I think are somehow connected since it was the Chinese IP's ((or spoofed to make it look Chinese in origin)) that did this penetration and set Pittsburgh to allow), and obtained or bypassed the password on the firewall then disabled it and dumped the packet traffic logs since I can't find them anywhere (their method is inside those packets so no mystery why they got rid of them.)

    The third fight I had set the firewall password so long and complicated that I actually had to write it down. They didn't get past it and Pittsburgh is again blocked and I'm looking into whatever public information I can find on them too. So far it seems like a popular company with a spotless reputation, just not in my opinion. They could be in on it or compromised, I have no way of knowing.

    Things have been kinda quiet since they got in like that (moving faster than me which suggests automated intelligence because they just kept getting quicker when I got quicker) so I guess they lost interest once they saw that it was no valuable database but is just an operating system, firewall, anti-virus, anti-malware but look at all the dirty secrets they gave away to a non IT diploma home user just to find that out and all because they could not resist a person/computer that was resisting them.

    All this leads to a potential "Man In The Middle" situation who is interested in intercepting data ... until you put up a fight, then they or their automated hackerware concentrate their efforts on your computer.

    Read these two first:

    Revealed: The Internet's Biggest Security Hole

    http://blog.wired.com/27bstroke6/200...ed-the-in.html

    "The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network."

    "The pair successfully intercepted traffic bound for the conference network and redirected it to a system they controlled in New York before routing it back to DefCon in Las Vegas."

    "Everyone ... has assumed until now that you have to break something for a hijack to be useful," Kapela said. "But what we showed here is that you don't have to break anything. And if nothing breaks, who notices?"

    (Note that ISP's could do something about this to end the problem but it's "cost prohibitive." Look at how many millions or billions they spend every year to make an insecure network even bigger and how much the CEO's and executives receive from the company and it's no mystery why they cannot afford to do what is right. That's the world we live in, the right thing is always the last thing and it only becomes reality by force of law or other and even then after years or decades of the same practice. That's not hard to understand when it is not their data or computer or their internet connection getting wasted is it? Noooooo, you can bet they spent the big money to put the big lock on that.)

    Details of DNS Flaw Leaked; Exploit Expected by End of Today

    http://blog.wired.com/27bstroke6/200...ls-of-dns.html

    "Earlier this month, Kaminsky, a penetration tester with IOActive, went public with information about a serious and fundamental security vulnerability in the Domain Name System that would allow attackers to easily impersonate any website"

    "The attack intercepts only traffic headed to target addresses, not from them, and it can't always vacuum in traffic within a network -- say, from one AT&T customer to another."

    One more and I'll be done...

  14. #14
    Join Date
    Aug 2005
    Posts
    944
    Blog Entries
    2
    Since no one has commented since my last post or offered any feedback the only real option I have is to assume that I am correct and now I must find out how many ISP's and/or their affiliates or subsidiaries in the US, my US, are owned by China.

    Though I will suggest that according to recent intel, 3 servers of my former ISP have been taken down.

  15. #15
    Join Date
    Jul 2002
    Location
    JNB, ZA
    Posts
    1,774
    You might find the graphs on this page very interesting - http://www.team-cymru.org/Monitoring/Graphs/ Something I did not know:

    Overall malicious activity on a global scale is headed up by
    1. Brazil
    2. Followed closely by India
    3. Russia
    4. China
    5. Turkey
    6. And the US comes in only at #6
    Time's up
