Kris12

Can you blacklist an IP?

7 posts in this topic

I am being repeatedly port scanned by a couple Chinese IP addresses. This has been going on for a week and is getting to the point where it is every 10-15 minutes. Malwarebytes is blocking it, but I keep getting alerts that it is happening and it is very annoying. Is there any way to permanently stop/block these specific IPs? I have ran numerous scans using both Malwarebytes and ESET and do not appear to be infected with anything. What is causing this/how do I stop it?

09:28:55 IP-BLOCK 221.192.199.46 (Type: incoming)

09:33:14 IP-BLOCK 221.192.199.51 (Type: incoming)

09:35:31 IP-BLOCK 221.192.199.46 (Type: incoming)

09:37:50 IP-BLOCK 221.192.199.51 (Type: incoming)

09:47:28 IP-BLOCK 221.192.199.51 (Type: incoming)

10:06:39 IP-BLOCK 221.192.199.51 (Type: incoming)

10:25:45 IP-BLOCK 221.192.199.51 (Type: incoming)

10:44:50 IP-BLOCK 221.192.199.51 (Type: incoming)

10:54:27 IP-BLOCK 221.192.199.51 (Type: incoming)

11:05:49 IP-BLOCK 221.192.199.46 (Type: incoming)

11:20:13 IP-BLOCK 221.192.199.46 (Type: incoming)

11:35:22 IP-BLOCK 221.192.199.46 (Type: incoming)

11:50:21 IP-BLOCK 221.192.199.46 (Type: incoming)

Share this post


Link to post
Share on other sites

This can't be port scan attack since MBAM doesn't alert about such things . If you are not doing anything bad while there alerts pop-up , your computer may be infected .

Do you use torrent programs (such as Utorrent) while there alerts appear ?

Share this post


Link to post
Share on other sites

No. I'm not using any torrent programs and sometimes do not even have a web browser open when I am getting the alerts. Only way to stop them is to disconnect my router and of course not be online. When I google these ips I see numerous complaints about them scanning users machines, but I have not been able to find a way to block them. Is there a security setting that can be increased to block them? I have done all kinds of scans and my machine appears to be clean. ESET full scan, MBAM full scan, quick scan, flash scan. At first when I switched to real time MB protection I saw the IP block alerts a couple times per day, now it is getting pretty aggressive.

Share this post


Link to post
Share on other sites

No. I'm not using any torrent programs and sometimes do not even have a web browser open when I am getting the alerts. Only way to stop them is to disconnect my router and of course not be online. When I google these ips I see numerous complaints about them scanning users machines, but I have not been able to find a way to block them. Is there a security setting that can be increased to block them? I have done all kinds of scans and my machine appears to be clean. ESET full scan, MBAM full scan, quick scan, flash scan. At first when I switched to real time MB protection I saw the IP block alerts a couple times per day, now it is getting pretty aggressive.

The reason for the blocked attacks needs to be removed , a.k.a. malicious software must be out of your machine

Follow the instructions here : http://forums.malwarebytes.org/index.php?showtopic=9573

Repose your problem with the information/logs required here : http://forums.malwarebytes.org/index.php?showforum=7

Share this post


Link to post
Share on other sites

I am being repeatedly port scanned by a couple Chinese IP addresses. This has been going on for a week and is getting to the point where it is every 10-15 minutes. Malwarebytes is blocking it, but I keep getting alerts that it is happening and it is very annoying. Is there any way to permanently stop/block these specific IPs? I have ran numerous scans using both Malwarebytes and ESET and do not appear to be infected with anything. What is causing this/how do I stop it?

09:28:55 IP-BLOCK 221.192.199.46 (Type: incoming)

09:33:14 IP-BLOCK 221.192.199.51 (Type: incoming)

09:35:31 IP-BLOCK 221.192.199.46 (Type: incoming)

09:37:50 IP-BLOCK 221.192.199.51 (Type: incoming)

09:47:28 IP-BLOCK 221.192.199.51 (Type: incoming)

10:06:39 IP-BLOCK 221.192.199.51 (Type: incoming)

10:25:45 IP-BLOCK 221.192.199.51 (Type: incoming)

10:44:50 IP-BLOCK 221.192.199.51 (Type: incoming)

10:54:27 IP-BLOCK 221.192.199.51 (Type: incoming)

11:05:49 IP-BLOCK 221.192.199.46 (Type: incoming)

11:20:13 IP-BLOCK 221.192.199.46 (Type: incoming)

11:35:22 IP-BLOCK 221.192.199.46 (Type: incoming)

11:50:21 IP-BLOCK 221.192.199.46 (Type: incoming)

The IP alert indicates that an malicious IP was prevented from loading onto your system. No action is required unless you're also experiencing malware symptoms. An open browser is not required to be open, just an active Net connection with processes running, such as IM cleints, SKYPE or P2P software. Windows Vista and Windows 7 will show the process, but neither Windows 2000 nor Windows XP have the structure in place for this to be displayed by our software

Please see the link below which contains our FAQ's(including reporting false\positives and adding IPs to ignore) on this feature for more information:

http://www.malwarebytes.org/forums/index.php?showtopic=21076&st=0#entry107310

Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done.

Share this post


Link to post
Share on other sites

Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done.

Yes - the threat is being blocked. I've scanned my machine numerous times with both MB and other programs and am turning up nothing. But these stupid IPs keep trying to get through and it is getting very annoying. Every few minutes now I am getting the alert bubble that one of two IPs 221.192.199.46 or 221.192.199.51 has been blocked. Both are in China & obviously I don't want to disable anything to allow them to get through, however is there an easy way for someone not 'techie' enough to be comfortable with registry editing to make it so I don't get that alert every few minutes that it is being blocked - or better yet 'ban' that IP from trying to get into my home network so they go away permanently?

Share this post


Link to post
Share on other sites

Yes - the threat is being blocked. I've scanned my machine numerous times with both MB and other programs and am turning up nothing. But these stupid IPs keep trying to get through and it is getting very annoying. Every few minutes now I am getting the alert bubble that one of two IPs 221.192.199.46 or 221.192.199.51 has been blocked. Both are in China & obviously I don't want to disable anything to allow them to get through, however is there an easy way for someone not 'techie' enough to be comfortable with registry editing to make it so I don't get that alert every few minutes that it is being blocked - or better yet 'ban' that IP from trying to get into my home network so they go away permanently?

Just set the alerts to silent:

Open Malwarebytes' Anti-Malware and click the 'Protection' tab. UNtick the following option:

Show tooltip balloon when malicious website is blocked

You will no longer have a balloon alert in the lower right-hand side of your monitor.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.