Jump to content

How do I stop Portscan?


  • Please log in to reply
5 replies to this topic

#1
ajvishus

ajvishus

    InsanelyMac Protégé

  • Members
  • Pip
  • 28 posts
For hours the IP 66.20.181.134 trying to portscan, has been blocked by my Norton AV several times. Is their anyway to fully block it, cuz I'm getting annoyed knowing spam/hacker is trying to pick and prod in my Imac. PLEASE HELP

#2
Chris Bulow

Chris Bulow

    InsanelyMac Protégé

  • Members
  • Pip
  • 5 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Interests:Macs and other tech. Music, books, food and wine.
Looks like a Bell-South customer. Abuse contact details in the WHOIS below

whois 66.20.181.134

OrgName: BellSouth.net Inc.
OrgID: BELL
Address: 575 Morosgo Drive
City: Atlanta
StateProv: GA
PostalCode: 30324
Country: US

ReferralServer: rwhois://rwhois.eng.bellsouth.net:4321

NetRange: 66.20.0.0 - 66.21.255.255
CIDR: 66.20.0.0/15
NetName: BELLSNET-BLK8
NetHandle: NET-66-20-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH-DNS.ASM.BELLSOUTH.NET
NameServer: AUTH-DNS.MIA.BELLSOUTH.NET
NameServer: AUTH-DNS.MSY.BELLSOUTH.NET
Comment:
Comment: For Abuse Issues, email abuse@bellsouth.net. NO ATTACHMENTS. Include IP
Comment: address, time/date, message header, and attack logs.
Comment: For Subpoena Request, email ipoperations@bellsouth.net with "SUBPOENA" in
Comment: the subject line. Law Enforcement Agencies ONLY, please.
RegDate: 2000-09-14
Updated: 2007-02-28

RAbuseHandle: ABUSE81-ARIN
RAbuseName: Abuse Group
RAbusePhone: +1-404-499-5224
RAbuseEmail: abuse@bellsouth.net

RTechHandle: JG726-ARIN
RTechName: Geurin, Joe
RTechPhone: +1-404-499-5240
RTechEmail: ipoperations@bellsouth.net

OrgAbuseHandle: ABUSE81-ARIN
OrgAbuseName: Abuse Group
OrgAbusePhone: +1-404-499-5224
OrgAbuseEmail: abuse@bellsouth.net

OrgTechHandle: JG726-ARIN
OrgTechName: Geurin, Joe
OrgTechPhone: +1-404-499-5240
OrgTechEmail: ipoperations@bellsouth.net

# ARIN WHOIS database, last updated 2008-12-02 19:10

#3
ajvishus

ajvishus

    InsanelyMac Protégé

  • Members
  • Pip
  • 28 posts
Did that earlier, and this is what i got... is their any way i can just Block his/her IP Address from ticking off my Norton all the time or become invisible?





THIS IS AN AUTO-RESPONSE MESSAGE - PLEASE DO NOT REPLY - AT&T WILL
NOT SEE ANY REPLY SENT TO THIS MESSAGE

This message confirms that your report has been received by the
AT&T Internet Services Security Center.

The AT&T Internet Services Acceptable Use Policy is located at
http://my.att.net/legal/aup.

Please note that we can only take action on reports that implicate
the AT&T network as a source of abuse. As we are unable to take
any action on reports not involving AT&T's network, we recommend
that you send those reports directly to the abuse address of the
originating domain or service provider. You can identify the
originator by reading the expanded e-mail headers. If you need
help with reading headers, visit the following:

http://spamcop.net/f...e/cache/19.html

For any abuse report involving e-mail, it is essential that the
report include the full original expanded headers containing the
source IP address and time stamp, along with the complete unedited
subject line and message. A report cannot be investigated without
this information. Please send one report at a time, as combining
multiple reports only detracts from our ability to effectively and
efficiently address abuse issues.

For abuse reports involving security incidents, please include
relevant log excerpts of the incident directly in the body of your
message. Logs must be in plain text or ASCII format and include
the time zone, source IP address, destination IP, timestamps, and
port numbers.

If you are an AT&T customer and have a specific question related to
spam, including how to report messages you received as spam to
AT&T, please visit http://helpme.att.net, enter your email id and
domain, and use the help search box to search for "spam" to
reference Spam FAQs for your service type.

For Copyright, Trademark, or DMCA allegations of Infringement,
please visit:

http://www.att.net/legal/copyright

If your report involves a threat, please take steps to protect
yourself and your property by reporting the incident to your local
law enforcement agency. We will investigate your complaint and
cooperate fully with any requests from law enforcement.

You will receive no further contact from us, unless there are
special circumstances or we require additional information to
complete our investigation.


AT&T Internet Services Security Center

#4
hoyanf

hoyanf

    InsanelyMac Geek

  • Members
  • PipPipPip
  • 110 posts

For hours the IP 66.20.181.134 trying to portscan, has been blocked by my Norton AV several times. Is their anyway to fully block it, cuz I'm getting annoyed knowing spam/hacker is trying to pick and prod in my Imac. PLEASE HELP


Using the builtin host.deny should do it...

sudo nano /etc/hosts.deny

		  ALL: 66.20.181.134, xxx.xxx.xxx.xxx

something simpler :-
sudo echo 'ALL: 66.20.181.134' >> /etc/hosts.deny

check to see if it is there :-
cat /etc/hosts.deny

Regards,
hoyanf :)

#5
Chris Bulow

Chris Bulow

    InsanelyMac Protégé

  • Members
  • Pip
  • 5 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Interests:Macs and other tech. Music, books, food and wine.
Nice, will remember that.

#6
ajvishus

ajvishus

    InsanelyMac Protégé

  • Members
  • Pip
  • 28 posts
thanx for the advice osx86

Recently the attacks have stopped, so i hope I don't have to do that





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

© 2014 InsanelyMac  |   News  |   Forum  |   Downloads  |   OSx86 Wiki  |   Mac Netbook  |   PHP hosting by CatN  |   Designed by Ed Gain  |   Logo by irfan  |   Privacy Policy