
I'm not sure if there are any rules here regarding posting specific IP addresses so I will take the address down if necessary.

As aforementioned, I put up an IP tracker on my Amazon EC2 instance for fun (and to see if my TAs had looked at my project yet to see if I could keep working on it past the due date, lol..) and I tracked myself with no confusion.

About 2 minutes after I set up the tracker, the visitor IP (117.78.23.4) was linked to somewhere in Beijing, China. I looked around for 30 seconds and found on this reverse IP lookup that the IP address is linked to cnc-noc.net.

According to Wikipedia they are notorious for being a large source of e-mail spam in the West.

I have had, and continue to have, problems with e-mail spam on my Yahoo account since about 5 years ago. I don't remember what caused the problem, but every time I add contacts to my Yahoo e-mail, it sends out a spam message to every single person in my contact list bimonthly. They are often about pills and porn, like Wikipedia says China Netcom makes their spam about.

Does this mean I have something on my computer that has been tracking my activity and/or following me around the web?

Thanks for any help.

Okay so I read a bit more and apparently it's just because they are the spammer's provider's provider.

My overall question is, should I just reformat my computer or is this a random thing that happens because of web crawlers or something? I'm kind of an internet noob when it comes to this stuff, so sorry if I have a lack of common knowledge.

Matthew
    [Welcome to the Internet.](https://en.wikipedia.org/wiki/Internet_background_noise) – Michael Hampton Nov 23 '13 at 23:18
  • What Michael said - Seeing traffic like this in your logs is an inevitable consequence of choosing to run a server on the internet. It's going to be totally unconnected to your problems with your email account. As you're doing a school project then maybe you can get another one about security and hacking out of the experience? – Rob Moir Nov 23 '13 at 23:21
  • This question appears to be off-topic because there isn't really a problem here. – Falcon Momot Nov 24 '13 at 23:43

1 Answer

use iptables to deny offending IPs (IPs that source bad traffic).....

iptables -A INPUT -p tcp -s 117.78.23.4/32 -j DROP

also, use iptables to throttle incoming "good" traffic

iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}

EDIT:

for the truly paranoid, maintain an OUTPUT iptables chain/tables, so only outgoing traffic destined for known good IPs is actually put on the wire, otherwise dropped (this would not make a good research workstation).... but it would stop NSA malware from reporting back to Denton, Virginia... as we saw on the news

nandoP
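An added offline model of how the `--seconds`/`--hitcount` window in the two throttling rules above decides when a source starts getting dropped, run over constructed access-log lines. This is example code, not from the answer; the IP, timestamps and thresholds (10 seconds, 5 hits) are made up.

```python
"""Model of the xt_recent --set / --update --seconds S --hitcount N pair
from the answer above, replayed over a web server log instead of live packets."""
from collections import defaultdict, deque
from datetime import datetime


def _line(ip, second):
    # Constructed Apache-style access log line; the date is arbitrary.
    return '%s - - [23/Nov/2013:23:10:%02d +0000] "GET / HTTP/1.1" 200 512' % (ip, second)


# Constructed sample: 8 hits in 8 seconds from one source, 3 spread-out hits from another.
SAMPLE_LOG = "\n".join(
    [_line("117.78.23.4", s) for s in range(8)]
    + [_line("203.0.113.7", s) for s in (1, 20, 40)]
)


def parse_line(line):
    ip, rest = line.split(" ", 1)
    ts = rest[rest.index("[") + 1 : rest.index("]")]
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()


class RecentMatch:
    """Per-source sliding window of hit timestamps, like the iptables 'recent' list.
    (The real module remembers at most ip_pkt_list_tot hits per address, default 20.)"""

    def __init__(self, seconds, hitcount):
        self.seconds, self.hitcount = seconds, hitcount
        self.seen = defaultdict(deque)

    def packet(self, ip, now):
        q = self.seen[ip]
        q.append(now)                                # '--set' records this hit
        while q and q[0] < now - self.seconds:       # forget hits outside --seconds
            q.popleft()
        return len(q) >= self.hitcount               # '--update --hitcount' matches -> DROP


def offenders(log_text, seconds=10, hitcount=5):
    """Return {ip: number of requests the rule would have dropped}."""
    m, dropped = RecentMatch(seconds, hitcount), {}
    for line in log_text.splitlines():
        ip, t = parse_line(line)
        if m.packet(ip, t):
            dropped[ip] = dropped.get(ip, 0) + 1
    return dropped


def drop_rules(ips):
    # Lowercase '-p' selects the protocol; uppercase '-P' would set a chain policy.
    return ["iptables -A INPUT -p tcp -s %s/32 -j DROP" % ip for ip in sorted(ips)]
```

With these thresholds the first source is dropped from its fifth request onward, while the slow source never accumulates enough hits inside the window.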