
I just got a port scan that Norton blocked from

Ouabache Donating Member (1000+ posts) Sat Mar-24-07 09:14 PM
Original message
I just got a port scan that Norton blocked from
218.10.111.119 server 6000

Anybody know who that is??
Little Wing Donating Member (1000+ posts) Sat Mar-24-07 09:15 PM
Response to Original message
1. Karl Rove
Obviously
 
hobbit709 Donating Member (1000+ posts) Sat Mar-24-07 09:15 PM
Response to Original message
2. Probably a script kiddie
 
Whoa_Nelly Donating Member (1000+ posts) Sat Mar-24-07 09:17 PM
Response to Original message
3. Site to look up IP addresses
 
TahitiNut Donating Member (1000+ posts) Sat Mar-24-07 09:19 PM
Response to Original message
4. Chinese
inetnum: 218.7.0.0 - 218.10.255.255
netname: CNCGROUP-HL
country: CN
descr: CNCGROUP Heilongjiang province network
admin-c: CH455-AP
tech-c: LZ31-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HL
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031110
changed: hm-changed@apnic.net 20040927
changed: hm-changed@apnic.net 20050511
changed: hm-changed@apnic.net 20060124
source: APNIC

route: 218.10.0.0/16
descr: CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC

domain: 218.in-addr.arpa
descr: reverse zone for 218/8
admin-c: DNS3-AP
tech-c: DNS3-AP
zone-c: DNS3-AP
nserver: ns1.apnic.net
nserver: ns3.apnic.net
nserver: ns4.apnic.net
nserver: ns-sec.ripe.net
nserver: tinnie.arin.net
mnt-by: MAINT-AP-DNS
mnt-lower: MAINT-AP-DNS
changed: dns-admin@apnic.net 20001207
changed: dns-admin@apnic.net 20010412
changed: dns-admin@apnic.net 20010611
changed: dns-admin@apnic.net 20040820
changed: dns-admin@apnic.net
source: APNIC

role: DNS Administration
address: Level 1
address: 33 Park Road
address: Milton QLD 4064
country: AU
phone: +61 7 3367 0490
fax-no: +61 7 3367 0482
e-mail: dns-admin@apnic.net
trouble: http://www.apnic.net/
admin-c: HM20-AP
tech-c: NO4-AP
nic-hdl: DNS3-AP
remarks: DNS in-addr.arpa zone files maintainer
notify: dbmon@apnic.net
mnt-by: MAINT-APNIC-AP
changed: dns-admin@apnic.net 19990203
source: APNIC

role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC

person: Liu Zhiyong
nic-hdl: LZ31-AP
e-mail: gaobh@mail.hl.cn
address: Data Communication Bureau of HLJ
phone: +86-451-542931
country: CN
changed: gaobh@mail.hl.cn 20030801
mnt-by: MAINT-CNCGROUP-HL
source: APNIC
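
Reading the whois output quoted above programmatically, as an added example that is not part of the original thread: it finds the objects whose range covers the scanned address and follows their admin-c/tech-c handles to the listed contact e-mails. The function names are illustrative, and the sample text is a trimmed excerpt of the records in the post above.

```python
import ipaddress

# Trimmed excerpt of the APNIC whois records quoted in the post above.
WHOIS_TEXT = """\
inetnum: 218.7.0.0 - 218.10.255.255
netname: CNCGROUP-HL
admin-c: CH455-AP
tech-c: LZ31-AP

route: 218.10.0.0/16
origin: AS4837

role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
nic-hdl: CH455-AP

person: Liu Zhiyong
nic-hdl: LZ31-AP
e-mail: gaobh@mail.hl.cn
"""

def parse_objects(text):
    """Split whois output into objects: lists of (attribute, value) pairs."""
    return [[tuple(s.strip() for s in line.split(":", 1))
             for line in block.splitlines()
             if ":" in line and not line.startswith("%")]
            for block in text.strip().split("\n\n")]

def covers(obj, ip):
    """True if an inetnum (start - end) or route (CIDR) object contains ip."""
    kind, value = obj[0] if obj else ("", "")
    if kind == "inetnum":
        start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return start <= ip <= end
    if kind == "route":
        return ip in ipaddress.ip_network(value)
    return False

def summarize(text, ip_str):
    """Netname, origin AS and contact e-mails for the objects covering ip_str."""
    ip = ipaddress.ip_address(ip_str)
    objects = parse_objects(text)
    by_handle = {dict(o).get("nic-hdl"): dict(o) for o in objects}
    result = {"netname": None, "origin": None, "contacts": []}
    for obj in (o for o in objects if covers(o, ip)):
        for key, value in obj:
            if key in ("netname", "origin"):
                result[key] = value
            elif key in ("admin-c", "tech-c") and value in by_handle:
                result["contacts"].append((key, by_handle[value].get("e-mail")))
    return result
```
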
 
DanWithAngel Donating Member (95 posts) Sat Mar-24-07 09:20 PM
Response to Original message
5. 218.10.111.119 is an Asian IP
Someone is fishing your computer.
 
kenny blankenship Donating Member (1000+ posts) Sat Mar-24-07 09:20 PM
Response to Original message
6. Sure, some non-existent domain in the apnic.net netblock. That help?
Asia Pacific network registrar, where most of the world's zombie attacks originate from. Looks like they were trying to contact a listening XDMCP port.
It's almost certainly not personal, they're just hunting through entire ranges of addresses for available services to attack.
 
Ouabache Donating Member (1000+ posts) Sat Mar-24-07 09:23 PM
Response to Reply #6
7. Thanks everyone
I knew I'd get an answer from DU.
 
Bitwit1234 Donating Member (1000+ posts) Sat Mar-24-07 09:29 PM
Response to Original message
8. Norton will tell you the area where it came from but not who..and get this
You know how you get emails from mailer daemon or whatever if you send an email to a wrong address?

Well I got a returned email..it was sent to a nanochief@redvinyl.com I did send it and don't know who it was. Suspecting virus I went to google. Took the numbers serial and that did not help. Then it had the phrase interadz.interadz.com checked that out and guess what, it was from Homeland Security. Why in the hell is Homeland Security returning email to me I did not send? And what are they doing in my email anyway? The only federal address I have ever sent email to is the president. And I tell the ignorant piece of crap what I think he is doing wrong. I never threaten him, because I want him impeached and jailed.

But getting back to the Homeland Security thing, has anybody else gotten something like this? Do you think that if you send the president or vice president a nasty email they try to get back by sending a virus?
 
wayupnorth Donating Member (7 posts) Sat Mar-24-07 09:34 PM
Response to Reply #8
10. I did too
I received an email, returned to me, but not sent by me. I deleted it - don't know enough of the technical stuff to look anything up. I really did wonder what it was all about. Happened about a week ago - and I have never written to the pres - just my congressmen.
 
mockmonkey Donating Member (1000+ posts) Sat Mar-24-07 10:47 PM
Response to Reply #10
11. I did too
About two weeks ago. It returned an e-mail I never sent. I googled parts of the e-mail and it was connected to some weird religious site. Or at least that is what it looked like, who knows. You can't trust anything or anyone.

Welcome to DU!:toast:
 
LiberalHeart Donating Member (1000+ posts) Sun Mar-25-07 12:48 AM
Response to Reply #11
16. I posted something on Table Talk one day and...
...in just a couple of hours a mailbox that had, up to then, gotten zero spam filled up. All of it was religious stuff.
 
EFerrari Donating Member (1000+ posts) Sun Mar-25-07 12:52 AM
Response to Reply #10
17. Welcome to DU, wayupnorth.
:)
 
TreasonousBastard Donating Member (1000+ posts) Sat Mar-24-07 11:38 PM
Response to Reply #8
13. Spammers and others will use valid email addies for...
their return addresses so nothing bounces back to them. Sometimes they just make up phony ones, and once in a while they come up with a real one. A large part of my spam in one addie was such bouncing emails I never sent. Someone even sent a greeting card in my name to someone I never heard of that bounced back to me.

Why is Homeland Security involved? It's not necessarily an evil cabal conspiracy-- possibly they were on the trail of a spammer, phisher or other lowlife using your addie and didn't bother to leave their own calling card off the chain.



 
windbreeze Donating Member (1000+ posts) Sun Mar-25-07 12:34 AM
Response to Reply #8
14. I had this happen sometime last night....
two emails I never sent, from an addy that I only communicate with a couple people from, and I had written NO emails...so I hit delete, delete, delete....I won't even open them, when I get them, and I haven't sent any emails...I refuse to open them...
wb
 
elifino Donating Member (331 posts) Sat Mar-24-07 09:31 PM
Response to Original message
9. 218.10.111.119 server 6000
www.safer-networking.org
 
Jamastiene Donating Member (1000+ posts) Sat Mar-24-07 10:47 PM
Response to Original message
12. Did a whois search for it.
WHOIS Search Results

WHOIS Record For
218.10.111.119
Record Type: IP Address

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 218.0.0.0 - 218.255.255.255
CIDR: 218.0.0.0/8
NetName: APNIC4
NetHandle: NET-218-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: TINNIE.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 2000-12-07
Updated: 2005-05-20

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net

http://www.networksolutions.com/whois/results.jsp;jsessionid=8731fa550e33b397080a6ac3a5a3:pN5Y?ip=218.10.111.119


Could have been some sort of spyware or something that Norton was blocking. Best bet: Let Norton block it.

 
meldroc Donating Member (1000+ posts) Sun Mar-25-07 12:41 AM
Response to Original message
15. Probably a random computer infected with malware and operating in a botnet.
That crap is seen all the time - probably a phisher or spammer looking to expand his botnet.