June 18th, 2009, 03:39 PM
KFSensor and Chinese Hackers
Hi, I have Zone Alarm 8 (free) installed on Win XP. I also have just installed
KFSensor (a honeypot). This KFSensor is telling me I have five visitors on my PC. One is 220.127.116.11 which traceroutes/whois to CHINA. Is China hacking me? Is Zone Alarm useless? Do they still make that other firewall (though the name eludes me)? What is going on here and what can I do? Thankyou for all advice.
June 18th, 2009, 05:06 PM
You probably have some piece of scumware on your machine calling home....
scan your machine with malwarebytes....
How people treat you is their karma- how you react is yours-Wayne Dyer
June 18th, 2009, 06:30 PM
"China" is a country. This would be like me refeshing this page and saying that my browser is connected to the entire state of Connecticut.
June 18th, 2009, 06:47 PM
Maybe China has those Carrier pidgins that can carry packets like in that old ass video.
Originally Posted by The-Spec
June 18th, 2009, 07:42 PM
Actually you could base64 encode files to have them printable to paper...
then just tie it to all of these lil' four foot tall asians.
June 18th, 2009, 08:10 PM
LOL DUDE straight from the horses mouth...
KFSensor is a Windows based honeypot Intrusion Detection System (IDS).
It acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and trojans.
By acting as a decoy server it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone.
No firewall is going to prevent conversations YOU INITIATE. You are broadcasting to the INTERNET "HEY EVERYONE LOOK AT ME". Your firewall knows this and will let anyone look.
June 18th, 2009, 11:22 PM
June 19th, 2009, 02:53 AM
Maybe people post things they already know so they'll have a reason to respond with, "I like and identify with you."
June 20th, 2009, 08:43 AM
Perhaps you should join the *******............I am sure that you would feel at home there
What is going on here and what can I do? Thankyou for all advice.
1. Is this the one you were thinking about?
Here is a relative newcomer:
As already noted, if you are running a honeypot you are inviting traffic so please don't blame the firewall.
2. There are so many compromised machines in the World these days that just because an IP address resolves to a particular country, does not mean that is where the attacker is operating from. Last I read for China was a ratio of 2:1 externally controlled bots to local Chinese ones.
Last edited by nihil; June 21st, 2009 at 03:13 PM.
June 22nd, 2009, 12:27 PM
I like and identify with you...