who issued DoS attacked [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 on 05/18/2025 22:25:27 2025 from USA/Taiwan related? *Updated 5/22/2025
2025/05/21 20:06
why got [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?
ie [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 1 Sun May 18 22:25:27 2025 myIPaddress 207.172.19.255:0
searched [what is 207.172.19.255 ?]-->USA · Pennsylvania · Bethlehem
207.172.19.0 - 207.172.19.255 · USA · Pennsylvania · Bethlehem. List of IP: 207.172.19.0, 207.172.19.1, 207.172.19.2, 207.172.19.3, 207.172.19.4, 207.172.19.5 ...
-->ntunhs.net https://en.ntunhs.net › IPInfo
IP address information (207.172.0.0 - IP/Domain Lookup
A scientific camera combined with user note, GPS, pitch angle and azimuth angle. Travel in Taiwan. IP Address, 207.172.0.0 - 207.172 ...
and IP address information (19.255.0.0 - IP/Domain Lookup
A scientific camera combined with user note, GPS, pitch angle and azimuth angle. Travel in Taiwan. IP Address, 19.255.0.0 - 19.255..
searched [what is USA · Pennsylvania · Bethlehem 207.172.19.255 doing, taiwan company?]
PA Gets It Done https://pagetsitdone.com › country-factsheets › ta....
Taiwan and PA Connections
Aug 7, 2024 — Taiwan ranks 29th for the total number of firms and. •. 27th for the total number of jobs in Pennsylvania. Taiwan and PA Connections. Office of ...
searched [what is Lehigh Valley company name which is recently been caught, usa company?]
popped up: Bethlehem Township company sanctioned by China over US tariffs 69 News Mar 6, 2025
BETHLEHEM TWP., Pa. -- A Lehigh Valley company has gotten caught up in the brewing trade war between the U.S. and China.
Internet Protocol Video Market, or IPVM, has been sanctioned by China.
The Bethlehem Township-based company is a security research group that reviews and reports on video surveillance technology.
A company representative tells 69 News the sanctions against them are not tariffs, but retaliation for U.S. tariffs on China.
IPVM is one of 15 American companies barred from receiving "dual-use" equipment from China. That's technology that can be used for both military and civilian purposes.
The employee says IPVM's operations are not being impacted since it doesn't make any physical products.
--we all knew any thing can be weapon that masters knew very well, the key is do you have bottom line? i can't see masters have bottom line but enemy-so-called do have. for master itself war can without conscience by all means black China without ending. i bet more and more people becomes victims in usa. didn't we see MS, Google all over the world including in China? why master so afraid, very likely pretend to get what master wants?
Officials: Telemarketing operation tricked PA residents, people around the U.S.
The U.S. Attorney for the Eastern District of Pennsylvania indicted four Lehigh Valley residents and two companies By LevittownNow.com
--this is crimes without doubt.
PS an IP packet that has either a multicast (MC) or broadcast (BC) address used as the source IP address, instead of a unicast address, which is the standard for identifying the sender.
searched [why 207.172.19.255:0 target at my notebook IP address?]
The IP address 207.172.19.255, along with the ":0" notation (indicating port zero), targeting your notebook's IP address suggests unusual network activity that could be either malicious or benign.
--certainly it is highly possible malicious. not even know what fuck the relation to us.
Here's a breakdown:
1. What is Port Zero?
Port zero is a reserved port in TCP/IP networking and should not be used for standard communication.
In TCP and UDP, when an application doesn't specify a port and requests port 0, the operating system will typically assign an available, unused port.
Seeing traffic specifically targeting port 0 is unusual and may indicate an attempt to exploit network vulnerabilities, according to Lifewire.
2. Possible Scenarios:
Malicious Activity:
DDoS Attacks: Attackers might utilize port 0 in DDoS amplification attacks to overwhelm a target's network, potentially causing disruption.
Port Scanning/System Fingerprinting: Attackers might send packets to port 0 to gather information about the target system's network behavior and vulnerabilities.
Exploiting Vulnerabilities: In some cases, attackers may target port 0 to bypass security measures or exploit specific software vulnerabilities.
Benign Activity:
Misconfigured Application: A poorly written or misconfigured application could be attempting to bind to port 0, which is usually handled by the OS by selecting an available port.
Legitimate Port Allocation: While unusual, some systems or applications might use port 0 to indicate a request for dynamic port allocation by the operating system.
Fragmented Packets: In some situations, fragmented IP packets might be incorrectly interpreted as having a source port of 0 due to the way they are assembled.
--in usa i don't believe Benign Activity at all.
3. Why It's Targeting Your Notebook:
Public IP Exposure: If your notebook is directly connected to the internet with a public IP address, it becomes visible and accessible to potential network scanners and attackers.
Accidental Target: Your IP address might be randomly targeted as part of a wider port scanning or DDoS amplification campaign.
--i don't think so.
Specific Attack: In a more targeted scenario, an attacker might have identified your IP address as belonging to a system with potential vulnerabilities.
--the most possibility it is a fishing to catch more innocents. but it won't succeed because turned daily use equips became bombs that is Israel (taiwan/japan involved) made not other countries and definitely not China who focus on international business not war lover or invading other countries, they won't destroy their reputations and business. Another is INDO without any proof attacked Pakistan. they all are masters group did to other countries. especially war lovers masters support them, who can allow Israel killed over 50000 pity Palestinian people? masters.
4. What to Do:
Monitor Network Activity: Utilize network monitoring tools to track traffic to and from your notebook. Look for patterns or unusual spikes that might indicate malicious activity.
Review System Logs: Examine your notebook's system logs for any errors or warnings related to network connectivity or security events.
Check Firewall/Security Software: Ensure that your firewall and any other security software are up-to-date and properly configured to block unauthorized access.
Consider Security Audit: If you're concerned about potential vulnerabilities, consider performing a security audit or penetration test to identify and address any weaknesses in your system's security posture.
In summary: Traffic targeting port 0 should be considered suspicious, but it doesn't always mean malicious activity is occurring. It's crucial to investigate the activity and take appropriate security measures to protect your notebook from potential threats.
...............................
searched [why got [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?]
The error message "[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?" indicates that your system is detecting a possible DoS (Denial of Service) attack. Specifically, the IP address 207.172.19.255 is sending packets with a source address that is either a multicast or broadcast address. This is suspicious because these types of addresses are typically used for network-wide communication and are not expected to be used as the source of individual packets.
Explanation:
IP Packet with Multicast/Broadcast Source:
Normally, packets should have a source IP address that belongs to the sender. Multicast and broadcast addresses are used for sending packets to multiple recipients on the network. Using them as the source of a packet can be a sign of an attempt to spoof the source of the traffic and overload the system with requests.
207.172.19.255:
This is an IP address. While not inherently malicious, it is being used in conjunction with the other suspicious elements.
In summary, the error suggests that your system has detected a potential DoS attack where packets are being sent from a network IP address with a suspicious source (multicast/broadcast), which could be used to overload your system with requests. It's crucial to investigate this further and take steps to protect your network.
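The router log entries quoted in this post can be triaged with a short script. This is an added example, not part of the original post and not the router vendor's code. It assumes the flattened one-line entry format shown above and, as a labelled assumption, that a source counts as "broadcast" when its host bits are all ones under a guessed /24 mask; the 224.0.0.251 line is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Entry layout as quoted in the post (flattened to one line):
# [DoS attack: <kind>] from <src>, port <port> <count> <timestamp> <dest> <src:port>
ENTRY_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from (?P<src>\d{1,3}(?:\.\d{1,3}){3}), "
    r"port (?P<port>\d+)\s+(?P<count>\d+)\s+"
    r"(?P<when>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
)
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

# First three lines are from the post ("myIPaddress" is the post's own
# placeholder); the 224.0.0.251 line is constructed for illustration.
SAMPLE_LOG = [
    "[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 1 "
    "Sun May 18 22:25:27 2025 myIPaddress 207.172.19.255:0",
    "[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 3 "
    "Thu May 22 03:34:54 2025 myIPaddress 207.172.19.255:0",
    "[DoS attack: SYN Flood] from 174.137.133.48, port 443 1 "
    "Thu May 22 12:17:31 2025 spouse-IPaddress 174.137.133.48:443",
    "[DoS attack: IP packet w/MC or BC SRC addr] from 224.0.0.251, port 5353 2 "
    "Thu May 22 12:20:00 2025 myIPaddress 224.0.0.251:5353",
    "[site blocked: ocsp.r2m02.amazontrust.com]",  # not a DoS entry, skipped
]


def classify_source(addr, assumed_prefix=24):
    """Classify a source address the way an MC/BC source check would.

    The receiver cannot know the sender's real subnet mask, so the
    broadcast verdict depends entirely on assumed_prefix (an assumption).
    """
    if not 0 < assumed_prefix <= 30:
        raise ValueError("assumed_prefix must be between 1 and 30")
    ip = ipaddress.IPv4Address(addr)
    if ip.is_multicast:                      # 224.0.0.0/4
        return "multicast"
    if ip == LIMITED_BROADCAST:
        return "limited-broadcast"
    net = ipaddress.ip_network(f"{addr}/{assumed_prefix}", strict=False)
    if ip == net.broadcast_address:          # host bits all ones
        return f"broadcast-under-/{assumed_prefix}"
    return "unicast"


def parse_line(line):
    """Return the fields of one DoS entry, or None if the line is not one."""
    m = ENTRY_RE.search(line)
    if m is None:
        return None
    try:
        ipaddress.IPv4Address(m["src"])      # reject e.g. 999.1.1.1
    except ValueError:
        return None
    return {"kind": m["kind"], "src": m["src"], "port": int(m["port"]),
            "count": int(m["count"]), "when": m["when"]}


def summarize(lines, assumed_prefix=24):
    """Group entries by source address and attach triage flags."""
    report = defaultdict(lambda: {"kinds": set(), "events": 0,
                                  "port_zero": False, "service_port": False,
                                  "source_class": None})
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        row = report[entry["src"]]
        row["kinds"].add(entry["kind"])
        row["events"] += entry["count"]
        row["source_class"] = classify_source(entry["src"], assumed_prefix)
        # Source port 0 is reserved and not used by normal traffic.
        row["port_zero"] = row["port_zero"] or entry["port"] == 0
        # A well-known source port (443, 53, ...) is what replies from a
        # server look like; check that before adding a block rule.
        row["service_port"] = row["service_port"] or 0 < entry["port"] < 1024
    return dict(report)


if __name__ == "__main__":
    for src, row in summarize(SAMPLE_LOG).items():
        print(src, row["source_class"], sorted(row["kinds"]),
              "events:", row["events"],
              "port0" if row["port_zero"] else "",
              "service-port" if row["service_port"] else "")
    # Same address, different guessed mask: no longer a broadcast address.
    print(classify_source("207.172.19.255", 20))
```

The last call shows that 207.172.19.255 only looks like a broadcast address for some guessed masks; under a /20 it is an ordinary host address, so the log category alone does not establish who sent the packet.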
5/21/2025 i did : admin>advanced>security>block sites as: IPinfo(123.235.31.38:443 from 123.232.0.0/14), SYNC flood, Zhejiang Taobao Network Co(8.25.82.182:443)
RCN(208.59.247.45:53),Cloudflare(172.64.144.121:443), Microsoft Corporation (52.96.164.130:443), Academy for Internet Research Limited Liability Company(104.156.155.4:54875),Xandr Inc(68.67.181.103:443), AKAMAI(-LINODE-AP ie Cloudflare, Inc Linode LLC) (104.237.151.205:50088), Linode, LLC (149.75.231.61:541),Amazon (18.220.218.98:443), Google Cloud Platform (35.211.202.130:443), IPVM/Internet Protocol Video Market (207.172.19.255:0) which is Pennsylvania · Bethlehem company, Comnet International BV(77.72.169.211:3478), webair(174.137.133.48)
PS 5/22/2025 the more new DDoS attack us the more we add to block sites. today we were cooking for breakfast after done spouse found his notebook internet auto disconnected mine didn't then verified logs found 2 DOS attacked spouse PC as:
[DoS attack: SYN Flood] from 174.137.133.48, port 443 1 Thu May 22 12:17:31 2025 spouse-IPaddress 174.137.133.48:443---->webair which is new
[DoS attack: SYN Flood] from 208.59.247.45, port 53 1 Thu May 22 12:17:03 2025 spouse-IPaddress 208.59.247.45:53---->RCN
yesterday was [DoS attack: SYN Flood] from 34.227.39.31, port 443 1 Wed May 21 23:49:18 2025 spouse-IPaddress 34.227.39.31:443---->amazon is Akamai client?YES which i already block Amazon site so logs also showed: [site blocked: ocsp.r2m02.amazontrust.com]
ps IP Weather Station(45.79.190.216:44330) which confused me that i did install MS weather app but didn't show website won't know the IP address whether is [45.79.190.216:44330]. didn't visit any other IP Weather Station at all. should i uninstall or just add block site as [IP Weather Station]? PS caught it is Linode, LLC so add in block site now.
searched [is it save to visit 45.79.190.216?] got: It's generally not recommended to visit the IP address 45.79.190.216 directly via a web browser. Here's why:
Bad Reputation: This IP address has a bad reputation and is listed on dangerous behavior IP lists and honeypot lists, suggesting it may be associated with malicious activity. PS seems not related MS weather app?
No Website: IP addresses are not websites themselves, but rather the address of a server hosting a website. You wouldn't directly visit an IP address unless you knew it was pointing to a specific web resource.
Security Risk: Visiting IP addresses with bad reputations could expose your device to potential security risks, such as malware or phishing attempts.
In summary: Avoid directly visiting this IP address. If you need to access a website or service hosted on a server using this IP address, you should use a domain name rather than the IP address directly.
searched [what company owns 45.79.190.216? ] got :
45.79.190.0/24 Range IP Address Lookup - ... from WhoisMind https://whoismind.com › ips PS NOTE don't click the link could be risk
The IP Range 45.79.190.0/24 has 256 IP addresses from Linode, LLC in and around Morris Plains, New Jersey, United States and covering 07927. 45.79.
..............................
searched [why got [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?]
The error message "[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?" indicates that your system is detecting a possible DoS (Denial of Service) attack. Specifically, the IP address 207.172.19.255 is sending packets with a source address that is either a multicast or broadcast address. This is suspicious because these types of addresses are typically used for network-wide communication and are not expected to be used as the source of individual packets.
--i would say one of man-in-the-middle did dirty jobs for masters since 2014 we installed free Russia Kaspersky from purchased tax app.
Explanation:
IP Packet with Multicast/Broadcast Source: Normally, packets should have a source IP address that belongs to the sender. Multicast and broadcast addresses are used for sending packets to multiple recipients on the network. Using them as the source of a packet can be a sign of an attempt to spoof the source of the traffic and overload the system with requests.
207.172.19.255: This is an IP address. While not inherently malicious, it is being used in conjunction with the other suspicious elements.
--[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 3 Thu May 22 03:34:54 2025 myIPaddress 207.172.19.255:0
this is what we were hit, the question is why us that have nothing related to the company-Internet Protocol Video Market ie IPVM. if they got trouble why not stop sending to innocent us who are not their users, clients or register their website (never know the company name)? i don't blame the company but suspect malicious black hands did to us and even set up the company to get what masters really want from the company.
In summary, the error suggests that your system has detected a potential DoS attack where packets are being sent from a network IP address with a suspicious source (multicast/broadcast), which could be used to overload your system with requests. It's crucial to investigate this further and take steps to protect your network.
ps searched [can "service blocked: syn flood" block syn flood?]
Yes, "service blocked: syn flood" typically indicates that a server or network has detected and is blocking a SYN flood attack. This message signifies that the system is taking action to mitigate the attack and prevent it from causing a denial of service
--Does it mean i succeed block syn flood? the logs showed [DoS attack: SYN Flood] from 123.235.31.38, port 443 1 Wed May 21 00:48:21 2025 my-IPaddress: 63378 123.235.31.38:443 which is 123.232.0.0/14 IPinfo website/company.
--it should be i searched and clicked the google search link then got attacked. as i said try not to click any google searched provided links which always have highly risk.
"Service blocked: syn flood" is a common message that indicates that a system has detected this pattern of malicious traffic and is actively blocking or mitigating the attack. This can be done through various methods, such as:
Firewall rules or intrusion detection/prevention systems (IDS/IPS): These tools can be configured to recognize and block suspicious SYN packets based on their source IP address, rate, or other characteristics.
Rate limiting: Setting a maximum number of SYN packets a server can receive from a given source within a certain time period can help prevent it from being overwhelmed.
SYN cookies: This technique allows the server to respond to SYN packets without allocating resources for a full connection, reducing the impact of a SYN flood.
Increasing the backlog queue: A larger backlog can temporarily accommodate more half-open connections, giving the server more time to handle legitimate requests.
Recycling the oldest half-open connections: When the backlog is full, the server can close the oldest half-open connections to free up space.
searched [what is MITM attacks?] A Man-in-the-Middle (MITM) attack is a cyberattack where an attacker intercepts and relays messages between two parties who believe they are communicating directly, while the attacker secretly controls the communication. The attacker can eavesdrop, alter messages, and even impersonate one of the parties to steal information or manipulate the interaction. --wow, it is not man-in-the-black fought aliens but usa man-in-the-middle attack (attacker) as usa agent attacked/black victims?
ps A Man-in-the-Middle attack (MITM attack) is a network attack technique that inserts an intermediary between two communicating parties in order to steal, tamper with or interfere with the communication. This kind of attack lets the attacker control the communication content while the two parties remain completely unaware.
--the major problem is i didn't visit/contact or communicate but google searched (most i won't click any links unless it is news or few posters websites to let others knew/understood more details).
How MITM Attacks Work:
Intercepting Communication: The attacker places themselves between two communicating parties, effectively acting as a relay.
Relaying Messages: They forward messages between the two parties, making them appear to be communicating directly.
Altering or Stealing Data: The attacker can read, modify, or steal the data being transmitted, potentially gaining access to sensitive information like login credentials, financial data, or private messages.
Impersonation: The attacker can impersonate one of the parties to trick the other into revealing information or taking a desired action.
Examples of MITM Techniques:
DNS Spoofing: The attacker intercepts DNS requests, redirecting a user's traffic to a fake website or malicious server.
IP Spoofing: The attacker spoofs IP addresses to make it appear like a legitimate host, while they control the communication.
WiFi Eavesdropping: The attacker sets up a fake WiFi hotspot, and unsuspecting users connecting to it have their traffic intercepted.
Email Hijacking: The attacker intercepts email communications, often through phishing, to steal information or manipulate the parties involved.
HTTPS Stripping: The attacker removes the HTTPS protection on a secure connection, allowing them to intercept unencrypted data.
Credential Harvesting: The attacker redirects users to fake login pages to collect usernames and passwords.
Consequences of MITM Attacks:
Data Breach: Sensitive information can be stolen, including login credentials, financial data, and personal information.
Financial Loss: Attackers can steal money, redirect payments, or cause financial fraud.
Reputation Damage: Organizations can face reputational damage from security breaches and privacy violations.
Malware Infection: Attackers can inject malware into a user's device or system.
Social Engineering: Attackers can use the intercepted information to conduct further social engineering attacks.
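Basic principle and common methods of MITM attacks: The basic principle of a MITM attack is to use some technique, such as ARP spoofing, DNS spoofing or Wi-Fi hijacking, to make the two communicating parties believe they are communicating directly with each other, while in fact all communication passes through an intermediate point controlled by the attacker. In this process, the attacker can steal both parties' sensitive information, such as account passwords and credit card details, and can also tamper with the communication content, causing problems in the outcome of the interaction between the two parties.
Harm of MITM attacks: The harm of MITM attacks mainly includes:
Information theft: The attacker can steal sensitive information from the communicating parties, such as bank account numbers and passwords.
Information tampering: The attacker can alter the communication content so that the communicating parties receive incorrect information.
Session hijacking: The attacker can hijack the communication session and control the communication process.
Impersonating legitimate applications: The attacker can embed malicious code in a legitimate web page or application; when the user enters sensitive information, that information is stolen.
Ways to defend against MITM attacks: To defend against MITM attacks, the following measures can be taken:
Use encrypted communication: Use SSL/TLS to encrypt communication and ensure the security of data in transit. HTTPS, FTPS and others are protocols built on SSL/TLS.
Update software and systems regularly: Keep systems and applications at their latest versions to fix known security vulnerabilities.
Use secure network connections: Avoid insecure public Wi-Fi; prefer wired connections or trusted Wi-Fi networks.
--my bad experience is the more windows updated the worse. old bugs not be solved the new leaks pile up. especially they are not new but older file explorer different versions auto switched. the worst can't tell caused by hacker or MS explorer itself did to users. without MS confess or tell the truth such dark web, DoS attack... won't be better but worse as they got umbrella to cover their crimes and can't trace or prove ie they accused each other or users.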
PS 5/20/2025 searched [why file explorer frequently auto switched to older version while MS defender showed no threats?]
If File Explorer frequently reverts to older versions despite no threats detected by Microsoft Defender, the issue could be related to conflicts with synchronization, a bug in Windows Security, or interference with sync paths. Troubleshooting steps include checking the Windows Update history, uninstalling recent updates, or cleaning the Windows Defender scan history......
--you see MS is confessed (only if you ask the PERFECT question) but can users as senior-me-type to perform Troubleshooting 11 Steps and more xx steps for each possibility caused the problem ?
5/23/2025 read a news that martyr said [$ for peoples needs,not Amazon] so google searched [Amazon boss is jewish?] got : Yes, Andy Jassy, the CEO of Amazon, is Jewish. He grew up in a Jewish family in Scarsdale, New York. He is of Jewish Hungarian ancestry.
Trump wants the martyr be sentenced to the death. why not investigate what's going on that [ocsp.r2m02.amazontrust.co] tried to invade our notebook recently?
searched [what is ocsp.r2m02.amazontrust.com, is it scam website?] got: ocsp.r2m02.amazontrust.com is not a scam website; it's a domain used by Amazon's Certificate Authority for Online Certificate Status Protocol (OCSP) checks. OCSP is a protocol used to verify the validity of digital certificates. This domain is part of the infrastructure that Amazon uses to issue and manage security certificates for websites and services....
while Hostname: ocsp.r2m01.amazontrust.com - LevelBlue from (Indo company) Open Threat Exchange https://otx.alienvault.com › indicator › hostname
Verdict. Whitelisted ; WHOIS. Registrar: MarkMonitor, Inc., Creation Date:May 11, 2007 ; Related Pulses. OTX User-Created Pulses (34).
amazontrust.com - Domain Info - Amazon from Netify - Network Intelligence
https://www.netify.ai › Resources › Domains
This page provides notable hostnames associated with the amazontrust.com domain. The domain is associated with Amazon....
--we also received many phishing emails labeled as AMAZON(such as Amazon.com.mx) so are these antisemitism did or Israeli spies did (didn't they make pager bombs?) ?
in fact our amazon cards issued by Chase got fraud charges several times hardly knew/sensed might relate to Jewish or Israel events. 5/21-5/22/2025 searched all showed bad opinions about ocsp.r2m02.amazontrust.com now became [legit, trusty]
for example: Is ocsp.r2m01.amazontrust.com Legit?
Scam Detector https://www.scam-detector.com › validator
Is ocsp.r2m01.amazontrust.com legit or a scam? We do not recommend it as it has a low trust score. We evaluate 53 decisive factors to expose high-risk activity ...
--myself after knowing amazon boss, that made me more suspect amazontrust.com behaviour because logs showed:
searched [what is amozon ip address?] Amazon does not have a single IP address; it utilizes a network of servers across various locations, each with its own IP address. Finding a specific IP address for Amazon would be challenging and generally not useful, as it's a large organization with dynamic IP assignments. You can, however, find the IP ranges used by Amazon's cloud service, AWS, in their publicly available JSON file.
searched [is moka a jewish related?] got: Yes, Mocha, the city in Yemen, does have a connection to Jewish history. There was a significant Jewish community in Mocha, particularly in the 17th and 18th centuries. They were merchants, craftsmen, and traders, playing a role in the city's thriving economy, especially related to coffee.
this month we suffered Moka2003 stick to our network channel forever in 2.4GHz. And unknown ghost in 5GHz. even changed channel frequently won't get rid of the [2 spies]. i don't suspect masters enemies-so-called did but masters group did especially notable Israel spies everywhere in the world especially in usa.
i wonder whether Trump can investigate this month DDoS attack like crazy and 5/22/2025 attacked our internet provider and spouse notebook IPaddress, not sure our email accounts company website shut down any related DDoS attacked.
searched [does RCA is amozon client?] Yes, RCA (formerly Radio Corporation of America) is an Amazon client. RCA is listed as a customer of Amazon's Control Tower. Amazon Web Services (AWS) also mentions RCA in the context of using generative AI for root cause analysis.
many [DoS attack: TCP- or UDP-based Port Scan] from 208.59.247.45, port 53 1 Thu May 22 19:33:06 2025 149.75.231.61:53286 208.59.247.45:53 --both IP addresses belong/related to RCA
ie [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 1 Sun May 18 22:25:27 2025 myIPaddress 207.172.19.255:0
searched [what is 207.172.19.255 ?]-->USA · Pennsylvania · Bethlehem
207.172.19.0 - 207.172.19.255 · USA · Pennsylvania · Bethlehem. List of IP: 207.172.19.0, 207.172.19.1, 207.172.19.2, 207.172.19.3, 207.172.19.4, 207.172.19.5 ...
-->ntunhs.net https://en.ntunhs.net › IPInfo
IP address information (207.172.0.0 - IP/Domain Lookup
A scientific camera combined with user note, GPS, pitch angle and azimuth angle. Travel in Taiwan. IP Address, 207.172.0.0 - 207.172 ...
and IP address information (19.255.0.0 - IP/Domain Lookup
A scientific camera combined with user note, GPS, pitch angle and azimuth angle. Travel in Taiwan. IP Address, 19.255.0.0 - 19.255..
searched [what is USA · Pennsylvania · Bethlehem 207.172.19.255 doing, taiwan company?]
PA Gets It Done https://pagetsitdone.com › country-factsheets › ta....
Taiwan and PA Connections
Aug 7, 2024 — Taiwan ranks 29th for the total number of firms and. •. 27th for the total number of jobs in Pennsylvania. Taiwan and PA Connections. Office of ...
serched [what is Lehigh Valley company name which is recently been caught, usa company?]
popped up: Bethlehem Township company sanctioned by China over US tariffs 69 News Mar 6, 2025
BETHLEHEM TWP., Pa. -- A Lehigh Valley company has gotten caught up in the brewing trade war between the U.S. and China.
Internet Protocol Video Market, or IPVM, has been sanctioned by China.
The Bethlehem Township-based company is a security research group that reviews and reports on video surveillance technology.
A company representative tells 69 News the sanctions against them are not tariffs, but retaliation for U.S. tariffs on China.
IPVM is one of 15 American companies barred from receiving "dual-use" equipment from China. Thats technology that can be used for both military and civilian purposes.
The employee says IPVMs operations are not being impacted since it doesnt make any physical products.
--we all knew any thing can be weapon that masters knew very well, the key is do you have bottom line? i cant see masters have bottom line but enemy-so-called do have. for master itself war can without 良知 by all means black China without ending. i bet more and more people becomes victims in usa. didnt we see MS, Google all over the world including in China? why master so afraid, very likely pretend to get what master wants?
Officials: Telemarketing operation tricked PA residents, people around the U.S.
The U.S. Attorney for the Eastern District of Pennsylvania indicted four Lehigh Valley residents and two companies By LevittownNow.com
--this is crimes without doubt.
PS an IP packet that has either a multicast (MC) or broadcast (BC) address used as the
source IP address, instead of a unicast address, which is the standard for identifying the sender.
searched [why 207.172.19.255:0 target at my notebook IP address?]
The IP address 207.172.19.255, along with the ":0" notation (indicating port zero), targeting your notebooks IP address suggests unusual network activity that could be either malicious or benign
--certainly it is highly possible malicious. not even know what fuck the relation to us.
Heres a breakdown:
1. What is Port Zero?
Port zero is a reserved port in TCP/IP networking and should not be used for standard communication.
In TCP and UDP, when an application doesnt specify a port and requests port 0, the operating system will typically assign an available, unused port.
Seeing traffic specifically targeting port 0 is unusual and may indicate an attempt to exploit network vulnerabilities, according to Lifewire.
2. Possible Scenarios:
Malicious Activity:
DDoS Attacks: Attackers might utilize port 0 in DDoS amplification attacks to overwhelm a targets network, potentially causing disruption.
Port Scanning/System Fingerprinting: Attackers might send packets to port 0 to gather information about the target systems network behavior and vulnerabilities.
Exploiting Vulnerabilities: In some cases, attackers may target port 0 to bypass security measures or exploit specific software vulnerabilities.
Benign Activity:
Misconfigured Application: A poorly written or misconfigured application could be attempting to bind to port 0, which is usually handled by the OS by selecting an available port.
Legitimate Port Allocation: While unusual, some systems or applications might use port 0 to indicate a request for dynamic port allocation by the operating system.
Fragmented Packets: In some situations, fragmented IP packets might be incorrectly interpreted as having a source port of 0 due to the way they are assembled.
--in usa i dont believe Benign Activity at all.
3. Why Its Targeting Your Notebook:
Public IP Exposure: If your notebook is directly connected to the internet with a public IP address, it becomes visible and accessible to potential network scanners and attackers.
Accidental Target: Your IP address might be randomly targeted as part of a wider port scanning or DDoS amplification campaign.
--i dont think so.
Specific Attack: In a more targeted scenario, an attacker might have identified your IP address as belonging to a system with potential vulnerabilities
--the most possibility it is a fishing to catch more innoncents. but it wont succeed because turned daily use equips became bombs that is Israle(taiwan/japan involved) made not other countries and definietely not China who focus on international business not war lover or invading other countries,they wont destroy their reputations and business. Another is INDO without any proof attacked 巴基斯坦. they all are masters group did to other countries. especially war lovers masters support them, who can allow Israle killed over 50000 pity 巴勒斯坦 people? masters.
4. What to Do:
Monitor Network Activity: Utilize network monitoring tools to track traffic to and from your notebook. Look for patterns or unusual spikes that might indicate malicious activity.
Review System Logs: Examine your notebooks system logs for any errors or warnings related to network connectivity or security events.
Check Firewall/Security Software: Ensure that your firewall and any other security software are up-to-date and properly configured to block unauthorized access.
Consider Security Audit: If youre concerned about potential vulnerabilities, consider performing a security audit or penetration test to identify and address any weaknesses in your systems security posture.
In summary: Traffic targeting port 0 should be considered suspicious, but it doesnt always mean malicious activity is occurring. Its crucial to investigate the activity and take appropriate security measures to protect your notebook from potential threats.
...............................
searched [why got [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?]
The error message "[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?" indicates that your system is detecting a possible DoS (Denial of Service) attack. Specifically, the IP address 207.172.19.255 is sending packets with a source address that is either a multicast or broadcast address. This is suspicious because these types of addresses are typically used for network-wide communication and are not expected to be used as the source of individual packets.
Explanation:
IP Packet with Multicast/Broadcast Source:
Normally, packets should have a source IP address that belongs to the sender. Multicast and broadcast addresses are used for sending packets to multiple recipients on the network. Using them as the source of a packet can be a sign of an attempt to spoof the source of the traffic and overload the system with requests.
207.172.19.255:
This is an IP address. While not inherently malicious, it is being used in conjunction with the other suspicious elements.
In summary, the error suggests that your system has detected a potential DoS attack where packets are being sent from a network IP address with a suspicious source (multicast/broadcast), which could be used to overload your system with requests. Its crucial to investigate this further and take steps to protect your network
5/21/2025 i did : admin>advanced>security>block sites as: IPinfo(123.235.31.38:443 from 123.232.0.0/14), SYNC flood, Zhejiang Taobao Network Co(8.25.82.182:443)
RCN(208.59.247.45:53),Cloudflare(172.64.144.121:443), Microsoft Corporation (52.96.164.130:443), Academy for Internet Research Limited Liability Company(104.156.155.4:54875),Xandr Inc(68.67.181.103:443), AKAMAI(-LINODE-AP ie Cloudflare, Inc Linode LLC) (104.237.151.205:50088), Linode, LLC (149.75.231.61:541),Amazon (18.220.218.98:443), Google Cloud Platform (35.211.202.130:443), IPVM/Internet Protocol Video Market (207.172.19.255:0) which is Pennsylvania · Bethlehem company, Comnet International BV(77.72.169.211:3478), webair(174.137.133.48)
PS 5/22/2025: the more new DDoS attacks hit us, the more we add to block sites. Today we were cooking breakfast; after we were done, my spouse found his notebook's internet had auto-disconnected (mine didn't), then we verified the logs and found 2 DoS attacks on my spouse's PC:
[DoS attack: SYN Flood] from 174.137.133.48, port 443 1 Thu May 22 12:17:31 2025 spouse-IPaddress 174.137.133.48:443---->webair which is new
[DoS attack: SYN Flood] from 208.59.247.45, port 53 1 Thu May 22 12:17:03 2025 spouse-IPaddress 208.59.247.45:53---->RCN
yesterday was [DoS attack: SYN Flood] from 34.227.39.31, port 443 1 Wed May 21 23:49:18 2025 spouse-IPaddress 34.227.39.31:443---->amazon is Akamai client?YES which i already block Amazon site so logs also showed: [site blocked: ocsp.r2m02.amazontrust.com]
ps IP Weather Station (45.79.190.216:44330) confused me: I did install the MS weather app, but it didn't show a website, so I don't know whether its IP address is [45.79.190.216:44330]. I didn't visit any other IP Weather Station at all. Should I uninstall it or just add [IP Weather Station] to block sites? PS caught that it is Linode, LLC, so I added it to block sites now.
searched [is it save to visit 45.79.190.216?] got: It's generally not recommended to visit the IP address 45.79.190.216 directly via a web browser. Here's why:
Bad Reputation: This IP address has a bad reputation and is listed on dangerous behavior IP lists and honeypot lists, suggesting it may be associated with malicious activity. PS seems not related to the MS weather app?
No Website: IP addresses are not websites themselves, but rather the address of a server hosting a website. You wouldn't directly visit an IP address unless you knew it was pointing to a specific web resource.
Security Risk: Visiting IP addresses with bad reputations could expose your device to potential security risks, such as malware or phishing attempts.
In summary: Avoid directly visiting this IP address. If you need to access a website or service hosted on a server using this IP address, you should use a domain name rather than the IP address directly.
searched [what company owns 45.79.190.216? ] got :
45.79.190.0/24 Range IP Address Lookup - ... from WhoisMind https://whoismind.com › ips PS NOTE: don't click the link, it could be a risk
The IP Range 45.79.190.0/24 has 256 IP addresses from Linode, LLC in and around Morris Plains, New Jersey, United States and covering 07927. 45.79.
..............................
searched [why got [DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?]
The error message "[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port?" indicates that your system is detecting a possible DoS (Denial of Service) attack. Specifically, the IP address 207.172.19.255 is sending packets with a source address that is either a multicast or broadcast address. This is suspicious because these types of addresses are typically used for network-wide communication and are not expected to be used as the source of individual packets.
--i would say one of man-in-the-middle did dirty jobs for masters since 2014 we installed free Russia Kaspersky from purchased tax app.
Explanation:
IP Packet with Multicast/Broadcast Source: Normally, packets should have a source IP address that belongs to the sender. Multicast and broadcast addresses are used for sending packets to multiple recipients on the network. Using them as the source of a packet can be a sign of an attempt to spoof the source of the traffic and overload the system with requests.
207.172.19.255: This is an IP address. While not inherently malicious, it is being used in conjunction with the other suspicious elements.
--[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 3 Thu May 22 03:34:54 2025 myIPaddress 207.172.19.255:0
this is what hit us. The question is why us, who have nothing to do with the company Internet Protocol Video Market, i.e. IPVM. If they got trouble, why not stop sending to innocent us, who are not their users or clients and never registered on their website (never knew the company name)? I don't blame the company but suspect malicious black hands did this to us and even set up the company to get what masters really want from the company.
In summary, the error suggests that your system has detected a potential DoS attack where packets are being sent from a network IP address with a suspicious source (multicast/broadcast), which could be used to overload your system with requests. It's crucial to investigate this further and take steps to protect your network.
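One way to triage these router log entries, as an added example (not the router's firmware and not this post's own code): it parses the `[DoS attack: ...]` lines and reports whether the logged source is a multicast or broadcast address and whether the port is 0. The /24 subnet size is an assumption based on the 207.172.19.0 - 207.172.19.255 range quoted earlier; `classify_source` and `triage` are illustrative names.

```python
import ipaddress
import re
from collections import Counter

# Log format as it appears on this page:
#   [DoS attack: <type>] from <src-ip>, port <n> <count> <timestamp> <dst> <src:port>
LOG_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}), port (?P<port>\d+)"
)

# First three lines are quoted from the page (destination already redacted there);
# the last line is constructed to show the multicast case.
SAMPLE_LOG = [
    "[DoS attack: IP packet w/MC or BC SRC addr] from 207.172.19.255, port 0 3 Thu May 22 03:34:54 2025 myIPaddress 207.172.19.255:0",
    "[DoS attack: SYN Flood] from 174.137.133.48, port 443 1 Thu May 22 12:17:31 2025 spouse-IPaddress 174.137.133.48:443",
    "[DoS attack: SYN Flood] from 208.59.247.45, port 53 1 Thu May 22 12:17:03 2025 spouse-IPaddress 208.59.247.45:53",
    "[DoS attack: IP packet w/MC or BC SRC addr] from 224.0.0.251, port 5353 1 Thu May 22 03:35:10 2025 myIPaddress 224.0.0.251:5353",
]

def classify_source(src, assumed_prefix=24):
    """Name the address class of a logged source IP."""
    ip = ipaddress.IPv4Address(src)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "limited-broadcast"
    if ip.is_multicast:  # 224.0.0.0/4
        return "multicast"
    # Assumption: the sender's subnet is a /24; the real mask is not in the log.
    net = ipaddress.ip_network(f"{src}/{assumed_prefix}", strict=False)
    if ip == net.broadcast_address:
        return "directed-broadcast"
    return "unicast"

def triage(lines):
    """Return (one finding per parsed line, count per source class)."""
    findings, tally = [], Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a DoS entry in the expected format
        src_class = classify_source(m["src"])
        findings.append({
            "kind": m["kind"],
            "src": m["src"],
            "src_class": src_class,
            # No host legitimately sends from a multicast or broadcast address,
            # so the logged IP does not identify who sent the packet.
            "valid_unicast_source": src_class == "unicast",
            "port_zero": int(m["port"]) == 0,  # port 0 is reserved, not a service
        })
        tally[src_class] += 1
    return findings, tally

if __name__ == "__main__":
    findings, tally = triage(SAMPLE_LOG)
    for f in findings:
        print(f)
    print(dict(tally))
```

With a different assumed mask the same address can classify as ordinary unicast, which is why the subnet size has to be stated when reading such an entry.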
ps searched [can "service blocked: syn flood" block syn flood?]
Yes, "service blocked: syn flood" typically indicates that a server or network has detected and is blocking a SYN flood attack. This message signifies that the system is taking action to mitigate the attack and prevent it from causing a denial of service
--Does it mean I succeeded in blocking the SYN flood? The logs showed [DoS attack: SYN Flood] from 123.235.31.38, port 443 1 Wed May 21 00:48:21 2025 my-IPaddress: 63378 123.235.31.38:443 which is 123.232.0.0/14 IPinfo website/company.
--it should be that I searched and clicked the Google search link, then got attacked. As I said, try not to click any links provided by Google search, which always carry high risk.
"Service blocked: syn flood" is a common message that indicates that a system has detected this pattern of malicious traffic and is actively blocking or mitigating the attack. This can be done through various methods, such as:
Firewall rules or intrusion detection/prevention systems (IDS/IPS): These tools can be configured to recognize and block suspicious SYN packets based on their source IP address, rate, or other characteristics.
Rate limiting: Setting a maximum number of SYN packets a server can receive from a given source within a certain time period can help prevent it from being overwhelmed.
SYN cookies: This technique allows the server to respond to SYN packets without allocating resources for a full connection, reducing the impact of a SYN flood.
Increasing the backlog queue: A larger backlog can temporarily accommodate more half-open connections, giving the server more time to handle legitimate requests.
Recycling the oldest half-open connections: When the backlog is full, the server can close the oldest half-open connections to free up space.
searched [what is MITM attacks?] A Man-in-the-Middle (MITM) attack is a cyberattack where an attacker intercepts and relays messages between two parties who believe they are communicating directly, while the attacker secretly controls the communication. The attacker can eavesdrop, alter messages, and even impersonate one of the parties to steal information or manipulate the interaction. --wow, it is not man-in-the-black fought aliens but usa man-in-the-middle attack (attacker) as usa agent attacked/black victims?
ps A Man-in-the-Middle Attack (MITM attack) is a network attack technique that inserts a middleman between two communicating parties to steal, tamper with, or disrupt the communication. This kind of attack lets the attacker control the communication content while both parties remain completely unaware.
--the major problem is I didn't visit/contact or communicate, but google searched (mostly I won't click any links unless it is news or a few posters' websites, to let others know/understand more details).
How MITM Attacks Work:
Intercepting Communication: The attacker places themselves between two communicating parties, effectively acting as a relay.
Relaying Messages: They forward messages between the two parties, making them appear to be communicating directly.
Altering or Stealing Data: The attacker can read, modify, or steal the data being transmitted, potentially gaining access to sensitive information like login credentials, financial data, or private messages.
Impersonation: The attacker can impersonate one of the parties to trick the other into revealing information or taking a desired action.
Examples of MITM Techniques:
DNS Spoofing: The attacker intercepts DNS requests, redirecting a user's traffic to a fake website or malicious server.
IP Spoofing: The attacker spoofs IP addresses to make it appear like a legitimate host, while they control the communication.
WiFi Eavesdropping: The attacker sets up a fake WiFi hotspot, and unsuspecting users connecting to it have their traffic intercepted.
Email Hijacking: The attacker intercepts email communications, often through phishing, to steal information or manipulate the parties involved.
HTTPS Stripping: The attacker removes the HTTPS protection on a secure connection, allowing them to intercept unencrypted data.
Credential Harvesting: The attacker redirects users to fake login pages to collect usernames and passwords.
Consequences of MITM Attacks:
Data Breach: Sensitive information can be stolen, including login credentials, financial data, and personal information.
Financial Loss: Attackers can steal money, redirect payments, or cause financial fraud.
Reputation Damage: Organizations can face reputational damage from security breaches and privacy violations.
Malware Infection: Attackers can inject malware into a user's device or system.
Social Engineering: Attackers can use the intercepted information to conduct further social engineering attacks.
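Basic principle and common methods of MITM attacks: The basic principle of a MITM attack is to use some technique, such as ARP spoofing, DNS spoofing, or Wi-Fi hijacking, to make both communicating parties believe they are talking to each other directly, while in fact all communication passes through an intermediate link controlled by the attacker. In the process, the attacker can steal sensitive information from both sides, such as account passwords and credit card details, and can also tamper with the communication content, corrupting the outcome of the exchange.
Harm of MITM attacks: The main harms of MITM attacks include:
Information theft: The attacker can steal the communicating parties' sensitive information, such as bank account numbers and passwords.
Information tampering: The attacker can alter the communication content so that the parties receive wrong information.
Session hijacking: The attacker can hijack the communication session and control the communication process.
Impersonating legitimate applications: The attacker can embed malicious code in legitimate web pages or applications; when the user enters sensitive information, that information is stolen.
How to defend against MITM attacks: To defend against MITM attacks, the following measures can be taken:
Use encrypted communication: Use SSL/TLS encrypted communication to secure data in transit. HTTPS, FTPS and others are protocols built on SSL/TLS.
Regularly update software and systems: Keep systems and applications on the latest versions to fix known security vulnerabilities.
Use secure network connections: Avoid insecure public Wi-Fi; prefer wired connections or trusted Wi-Fi networks.
--my bad experience is the more Windows updated, the worse. Old bugs are not solved and new leaks pile up. Especially, they are not new: different older versions of File Explorer auto-switched. The worst is I can't tell whether it was caused by a hacker or MS Explorer itself did it to users. Without MS confessing or telling the truth, such dark web, DoS attack... won't get better but worse, as they got an umbrella to cover their crimes and it can't be traced or proved, i.e. they accuse each other or users.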
PS 5/20/2025 searched [why file explorer frequently auto switched to older version while MS defender showed no threats?]
If File Explorer frequently reverts to older versions despite no threats detected by Microsoft Defender, the issue could be related to conflicts with synchronization, a bug in Windows Security, or interference with sync paths. Troubleshooting steps include checking the Windows Update history, uninstalling recent updates, or cleaning the Windows Defender scan history......
--you see MS has confessed (only if you ask the PERFECT question), but can users of my senior type perform the Troubleshooting 11 Steps and more xx steps for each possibility that caused the problem?
5/23/2025 read a news that martyr said [$ for peoples needs,not Amazon] so google searched [Amazon boss is jewish?] got : Yes, Andy Jassy, the CEO of Amazon, is Jewish. He grew up in a Jewish family in Scarsdale, New York. He is of Jewish Hungarian ancestry.
Trump wants the martyr to be sentenced to death. Why not investigate what's going on, that [ocsp.r2m02.amazontrust.co] tried to invade our notebook recently?
searched [what is ocsp.r2m02.amazontrust.com, is it scam website?] got: ocsp.r2m02.amazontrust.com is not a scam website; it's a domain used by Amazon's Certificate Authority for Online Certificate Status Protocol (OCSP) checks. OCSP is a protocol used to verify the validity of digital certificates. This domain is part of the infrastructure that Amazon uses to issue and manage security certificates for websites and services....
while Hostname: ocsp.r2m01.amazontrust.com - LevelBlue from (Indo company) Open Threat Exchange https://otx.alienvault.com › indicator › hostname
Verdict. Whitelisted ; WHOIS. Registrar: MarkMonitor, Inc., Creation Date:May 11, 2007 ; Related Pulses. OTX User-Created Pulses (34).
amazontrust.com - Domain Info - Amazon from Netify - Network Intelligence
https://www.netify.ai › Resources › Domains
This page provides notable hostnames associated with the amazontrust.com domain. The domain is associated with Amazon....
--we also received many phishing emails labeled as AMAZON (such as Amazon.com.mx), so were these done by anti-Semitism or by Israeli spies (didn't they make pager bombs?)?
in fact our Amazon cards issued by Chase got fraud charges several times; I hardly knew/sensed it might relate to Jewish or Israeli events. 5/21-5/22/2025: searches that all showed bad opinions about ocsp.r2m02.amazontrust.com now became [legit, trusty]
for example: Is ocsp.r2m01.amazontrust.com Legit?
Scam Detector https://www.scam-detector.com › validator
Is ocsp.r2m01.amazontrust.com legit or a scam? We do not recommend it as it has a low trust score. We evaluate 53 decisive factors to expose high-risk activity ...
--myself after knowing amazon boss, that made me more suspect amazontrust.com behaviour because logs showed:
searched [what is amozon ip address?] Amazon does not have a single IP address; it utilizes a network of servers across various locations, each with its own IP address. Finding a specific IP address for Amazon would be challenging and generally not useful, as it's a large organization with dynamic IP assignments. You can, however, find the IP ranges used by Amazon's cloud service, AWS, in their publicly available JSON file.
searched [is moka a jewish related?] got: Yes, Mocha, the city in Yemen, does have a connection to Jewish history. There was a significant Jewish community in Mocha, particularly in the 17th and 18th centuries. They were merchants, craftsmen, and traders, playing a role in the city's thriving economy, especially related to coffee.
this month we suffered Moka2003 sticking to our network channel forever in 2.4GHz, and an unknown ghost in 5GHz. Even changing channels frequently won't get rid of the [2 spies]. I don't suspect masters' so-called enemies did it but masters' group did, especially notable Israeli spies everywhere in the world, especially in USA.
I wonder whether Trump can investigate this month's DDoS attacks like crazy, and the 5/22/2025 attack on our internet provider and spouse's notebook IP address; not sure whether our email accounts company website shut down was related to any DDoS attack.
searched [does RCA is amozon client?] Yes, RCA (formerly Radio Corporation of America) is an Amazon client. RCA is listed as a customer of Amazon's Control Tower. Amazon Web Services (AWS) also mentions RCA in the context of using generative AI for root cause analysis.
many [DoS attack: TCP- or UDP-based Port Scan] from 208.59.247.45, port 53 1 Thu May 22 19:33:06 2025 149.75.231.61:53286 208.59.247.45:53 --both IP addresses belong/related to RCA

