hack attempt on port 8080

Discussion in 'NZ Computing' started by Peter Huebner, Oct 24, 2004.

  1. Several times recently these guys have tried to connect to my machine
    while I was online: IP 61.232.83.74
    I figure it's from China some place (at least that's what I have been
    able to dig up with web based tracert and dynamic Ip lookups).

    But I can't help wondering: just what are they trying to do? Port 8080
    is where the proxomitron listens on my machine - and nobody from outside
    the lan is allowed to get in that way - but what conceivable use would
    it be to anybody from the outside to connect to me that way?!?

    -P.

    --
    ***************
    direct replies to peters[underscore]spambot[at]
    ihug[fullstop]co[fullstop]nz
    (yes, really <g>)
    ***************
     
    Peter Huebner, Oct 24, 2004
    #1
    1. Advertising

  2. Peter Huebner wrote:
    > Several times recently these guys have tried to connect to my machine
    > while I was online: IP 61.232.83.74
    > I figure it's from China some place (at least that's what I have been
    > able to dig up with web based tracert and dynamic Ip lookups).
    > But I can't help wondering: just what are they trying to do? Port 8080
    > is where the proxomitron listens on my machine - and nobody from outside
    > the lan is allowed to get in that way - but what conceivable use would
    > it be to anybody from the outside to connect to me that way?!?


    if they're in china they may have a "filtered" net connection, and be
    trying to use your machine to proxy to something that they have not been
    allowed to view.

    8080 is a very common proxy port.

    --
    Dave.net.nz
    reply addy is e
    nice! http://www.dave.net.nz/images/link.jpg
     
    Dave - Dave.net.nz, Oct 24, 2004
    #2
    1. Advertising

  3. Peter Huebner

    Toxickiwi Guest

    I find they try to logon to my FTP all the time (from China), is there
    any firewall programs out there that will block 'China' ;)

    Aaron

    On Mon, 25 Oct 2004 01:58:07 +1300, "Dave - Dave.net.nz"
    <> wrote:

    >Peter Huebner wrote:
    >> Several times recently these guys have tried to connect to my machine
    >> while I was online: IP 61.232.83.74
    >> I figure it's from China some place (at least that's what I have been
    >> able to dig up with web based tracert and dynamic Ip lookups).
    >> But I can't help wondering: just what are they trying to do? Port 8080
    >> is where the proxomitron listens on my machine - and nobody from outside
    >> the lan is allowed to get in that way - but what conceivable use would
    >> it be to anybody from the outside to connect to me that way?!?

    >
    >if they're in china they may have a "filtered" net connection, and be
    >trying to use your machine to proxy to something that they have not been
    >allowed to view.
    >
    >8080 is a very common proxy port.
     
    Toxickiwi, Oct 24, 2004
    #3
  4. Peter Huebner

    Dumbkiwi Guest

    On Sun, 24 Oct 2004 17:29:19 +0000, Toxickiwi wrote:

    > I find they try to logon to my FTP all the time (from China), is there
    > any firewall programs out there that will block 'China' ;)
    >


    The great [fire]wall of China?

    Matt
     
    Dumbkiwi, Oct 24, 2004
    #4
  5. It seems like Mon, 25 Oct 2004 01:43:58 +1300 was when Peter Huebner
    <> said Blah blah blah...

    >But I can't help wondering: just what are they trying to do? Port 8080
    >is where the proxomitron listens on my machine - and nobody from outside
    >the lan is allowed to get in that way - but what conceivable use would
    >it be to anybody from the outside to connect to me that way?!?


    Port 8080 is where it's all happening! Along with 3128, people try to
    connect to those ports for a proxy, so they can surf the internet
    pretending to be you (well, your internet connection). What to do
    about it? Don't have a proxy server running without authentication.
    That's it. Don't worry about people looking to see what ports are open
    on your computer, as long as nothing's open that doesn't need to be,
    you'll be fine.
    --
    Regards,
    Waylon Kenning.

    1st Year B.I.T. WelTec
     
    Waylon Kenning, Oct 24, 2004
    #5
  6. Toxickiwi wrote:
    > I find they try to logon to my FTP all the time (from China), is there
    > any firewall programs out there that will block 'China' ;)


    not by name... that'd be racist :)

    if it is only used for private use, block all but your IP's... if your
    not on static, email them and ask for their IP ranges(and account
    mappings to cut down on the ranges needed), so that you can add say all
    Orcon dialup IP addy's.

    If it is a public FTP, then start blocking net-blocks
    try blocking 61.232.83.* for a start... as more show up, block them too...

    sometimes you'll find whole ISPs have a dodgier clientel than you
    appreciate, so block higher up the chain, 61.232.*.* but be careful with
    this sort of blocking, it can soon become a big list, and horrendious to
    maintain.

    There will be easier ways, but this would do it.

    --
    Dave.net.nz
    reply addy is e
    nice! http://www.dave.net.nz/images/link.jpg
     
    Dave - Dave.net.nz, Oct 24, 2004
    #6
  7. Peter Huebner

    Hmmm Guest

    Peter Huebner wrote:
    > Several times recently these guys have tried to connect to my machine
    > while I was online: IP 61.232.83.74
    > I figure it's from China some place (at least that's what I have been
    > able to dig up with web based tracert and dynamic Ip lookups).
    >
    > But I can't help wondering: just what are they trying to do? Port 8080
    > is where the proxomitron listens on my machine - and nobody from outside
    > the lan is allowed to get in that way - but what conceivable use would
    > it be to anybody from the outside to connect to me that way?!?
    >
    > -P.
    >


    Go to www.dshield.org
    and
    www.mynetwatchman.com

    These sites track ip's that attack pc's, basically you download a small
    client program from their site, it then monitors your firewalls logs
    (lots of different firewalls are supported) when someone attacks you,
    you send a report back to their site, when they collect enough reports
    about one ip, they contact the isp and give them a bunch of evidence..

    The more people that run these programs the more effective it will be,
    fight back against the attackers!!!!

    It also downloads a blacklist of bad ip's to your machine and your
    firewall can block those, so it protects you PLUS you automatically
    fight back against malicious activity.. well worth it


    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= East/West-Coast Server Farms - Total Privacy via Encryption =---
     
    Hmmm, Oct 25, 2004
    #7
  8. Hmmm wrote:
    > These sites track ip's that attack pc's, basically you download a small
    > client program from their site, it then monitors your firewalls logs
    > (lots of different firewalls are supported) when someone attacks you,
    > you send a report back to their site, when they collect enough reports
    > about one ip, they contact the isp and give them a bunch of evidence..


    only one problem with this sort of thing... it assumes that the persona
    who checks abuse@ email actually does something ans
    Korea/China/Brazil/Russia dont seem to care... more to the point,
    they're probably not the ones doing it anyway, they're probably just
    compromised PCs.

    --
    Dave.net.nz
    reply addy is e
    nice! http://www.dave.net.nz/images/link.jpg
     
    Dave - Dave.net.nz, Oct 25, 2004
    #8
  9. Peter Huebner

    Hmmm Guest

    Dave - Dave.net.nz wrote:
    > Hmmm wrote:
    >
    >> These sites track ip's that attack pc's, basically you download a
    >> small client program from their site, it then monitors your firewalls
    >> logs (lots of different firewalls are supported) when someone attacks
    >> you, you send a report back to their site, when they collect enough
    >> reports about one ip, they contact the isp and give them a bunch of
    >> evidence..

    >
    >
    > only one problem with this sort of thing... it assumes that the persona
    > who checks abuse@ email actually does something ans
    > Korea/China/Brazil/Russia dont seem to care... more to the point,
    > they're probably not the ones doing it anyway, they're probably just
    > compromised PCs.
    >


    You should read the sites, that is all discussed and taken care of.


    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= East/West-Coast Server Farms - Total Privacy via Encryption =---
     
    Hmmm, Oct 25, 2004
    #9
  10. Peter Huebner

    Ron McNulty Guest

    Port 8080 is where a standard installation of JBoss (and probably Tomcat)
    installs the web server. I can't think why they would be interested...

    regards

    Ron

    "Peter Huebner" <> wrote in message
    news:...
    >
    > Several times recently these guys have tried to connect to my machine
    > while I was online: IP 61.232.83.74
    > I figure it's from China some place (at least that's what I have been
    > able to dig up with web based tracert and dynamic Ip lookups).
    >
    > But I can't help wondering: just what are they trying to do? Port 8080
    > is where the proxomitron listens on my machine - and nobody from outside
    > the lan is allowed to get in that way - but what conceivable use would
    > it be to anybody from the outside to connect to me that way?!?
    >
    > -P.
    >
    > --
    > ***************
    > direct replies to peters[underscore]spambot[at]
    > ihug[fullstop]co[fullstop]nz
    > (yes, really <g>)
    > ***************
     
    Ron McNulty, Oct 25, 2004
    #10
  11. Peter Huebner

    tcordell

    Joined:
    Jun 23, 2009
    Messages:
    1
    Possible Router Hack

    Is it possible that they are trying to use port 8080 to hack your router? Sometimes people setup remote administration over port 8080.
     
    tcordell, Jun 23, 2009
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. James Padolsey

    An ongoing attempt on port 139!!!

    James Padolsey, Sep 1, 2006, in forum: Computer Support
    Replies:
    3
    Views:
    534
    John Wunderlich
    Sep 2, 2006
  2. barret bonden

    PIX : Denying port 80 also stopped 8080

    barret bonden, Jan 17, 2008, in forum: Cisco
    Replies:
    0
    Views:
    449
    barret bonden
    Jan 17, 2008
  3. barret bonden
    Replies:
    3
    Views:
    512
    johnv
    Jan 23, 2008
  4. Flying Pigs
    Replies:
    6
    Views:
    1,433
    Flying Pigs
    Feb 14, 2011
  5. rickbath
    Replies:
    0
    Views:
    1,170
    rickbath
    May 30, 2012
Loading...

Share This Page