Menu Close

Portscanning from China IP (59.53.50.13)

0 Comments

Today I got ane email notification from CSF, that someone is trying to do portscanning to my webserver.

Time:    Sat Feb 19 08:11:00 2011 +0700
IP:      59.53.50.139 (CN/China/-)
Hits:    11
Blocked: Temporary Block
Sample of block hits:
Feb 19 08:10:30 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 19 08:10:32 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 19 08:10:37 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=256 DF PROTO=TCP SPT=12200 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0

If you are searching this IP from search engine, please add the following IP to the Deny / Blocked lists :

59.53.50.13
or
59.53.0.0/16

Leave a Reply

Your email address will not be published. Required fields are marked *