Saturday, December 1, 2012

Melbourne Brisbane Computer Repairs, Website design & SEO

China is hacking anyone they can

Posted: 01 Dec 2012 06:25 AM PST

About 1 year ago, I had set up a NAS server (Linux-based) for a small company.

I set it all up, including remote access to the admin area, and to an online file manager (so that employees could do some work from home, if needed).

Well, a few days ago, the backups started giving error messages, so while fixing the issue I also upgraded the firmware, and I was also asked to see if it was possible to track user access to files (e.g. which file was accessed, and when).

So I enabled the system connection logs, hoping they would show the information needed.

Well, the logs didn’t show what I wanted, but a few hours later, I noticed an unusual number of failed login attempts…

About 25 attempts per minute… and this would continue for about 5 to 10 minutes.

They would try typical usernames like “root”, “admin” and “bin”.

The really interesting part was when I looked up the country of origin for the logged IP addresses of the hackers:

All were located in China.

Although this particular company didn’t have huge secrets, the server held intellectual property, which might have been useful to some Chinese companies.

So, it looks like if any company has servers that can be accessed externally, then they will be subject to hacking attempts (and consequently: industrial espionage) from China.

In this case, the solution was easy: the NAS server has a Network Access Protection system, where I can specify that if a particular IP address generates more than 5 failed login attempts within 1 minute, then that IP address is blocked from any further attempts.
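As an added illustration of that threshold rule (example code written for this page, not code from the post or from the NAS vendor), the script below applies the same “more than 5 failures from one IP within 1 minute” test to a few constructed log lines in an assumed sshd-style format, using the usernames the post mentions:

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Rule from the post: more than 5 failed logins from one IP within 1 minute -> block it.
MAX_FAILURES = 5
WINDOW_SECONDS = 60

# Constructed sample log in a generic sshd-like shape (assumed; not the NAS's real format).
SAMPLE_LOG = """\
2012-11-28 22:10:01 sshd: Failed password for invalid user root from 203.0.113.5
2012-11-28 22:10:04 sshd: Failed password for invalid user admin from 203.0.113.5
2012-11-28 22:10:06 sshd: Failed password for invalid user bin from 203.0.113.5
2012-11-28 22:10:09 sshd: Failed password for invalid user root from 203.0.113.5
2012-11-28 22:10:12 sshd: Failed password for invalid user admin from 203.0.113.5
2012-11-28 22:10:15 sshd: Failed password for invalid user root from 203.0.113.5
2012-11-28 22:10:30 sshd: Failed password for alice from 198.51.100.7
2012-11-28 22:12:40 sshd: Failed password for alice from 198.51.100.7
2012-11-28 22:20:00 sshd: Accepted password for alice from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def find_brute_force_sources(log_text, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Return {ip: timestamp at which that IP first exceeded the threshold}.
    A per-IP sliding window of failure times is kept; an IP is flagged as soon as
    more than max_failures failures fall within the last `window` seconds."""
    recent = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        ip = m.group("ip")
        q = recent[ip]
        q.append(ts)
        # Evict failures older than the window, measured back from this failure.
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > max_failures and ip not in flagged:
            flagged[ip] = m.group("ts")
    return flagged

if __name__ == "__main__":
    for ip, when in find_brute_force_sources(SAMPLE_LOG).items():
        print(f"block {ip}: >{MAX_FAILURES} failures in {WINDOW_SECONDS}s at {when}")
```

The single legitimate user who mistypes a password twice, minutes apart, never trips the rule, while the scripted guessing of “root”, “admin” and “bin” is flagged on its sixth attempt.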

Some of the IP addresses captured before the Network Access Protection was enabled:

- 58.215.56.110: China
- 117.21.208.26: China
- 117.79.91.55: China
- 183.136.128.217: China
- 211.94.161.84: China
- 114.205.1.149: Korea
- 117.79.91.209: China

And after implementing the Network Access Protection:

- 113.163.22.170: Vietnam
- 65.164.153.141: USA
- 189.112.236.116: Brazil
- 217.174.152.147: Bulgaria
- 85.31.105.66: France
- 61.234.146.22: China

Obviously there is not enough data here, but there are strong indications of Chinese (individuals, or companies, or even Government) involvement in hacking for company secrets.

I’m not exactly sure why lots of different countries started appearing in the hacking logs only after the Network Protection was enabled… but I’ll check again in a few weeks, and see if there is a more definite pattern.
