Why am I getting a network attack from China?

by

Internet connected computers are constantly probed for vulnerabilities. Many come from China, but safety steps are the same no matter where from.
Question:

On June 12th my Kaspersky reported a network worm attack on my computer from a specific IP address. I tried to find who they are and found their web address as being what appears to be a government domain in China. Why would they want to attack my computer? How do I prevent such attacks?

It’s unfortunate, but China – both its government and not – is getting a fairly bad reputation on the internet. A large majority of spam is now originating in China, and I frequently have to filter out comments on Ask Leo! which are clearly spam or scam attempts that also originate there.

China has an incredibly large number of people connected to the internet, but apparently with that comes both the bad and the good.

]]>
<![CDATA[

Why would they want to attack you?

I’m thinking that they don’t. At least not as in individual. (Unless you have some reason to be of specific interest to them, of course, which is unlikely in general.)

“… this is exactly why you need a firewall …”

It’s much more likely that they’re doing the “standard” thing that worms and other network attacks do: they simply try to attack everyone. This means that they simply start with an IP address, see if there’s a computer there and then see if that computer is vulnerable to attack. If it is, they do so.

When they’re done with that IP address they simply move on to the next.

Very slowly they try to attack every computer on the internet. I’m guessing that they actually prioritize certain IP address blocks – like say “the United States” – but regardless of where they start, it’s pretty much a case where they’re simply trying to attack everyone, not just you.

It was just your turn to get probed.

We also need to talk briefly about what it means to be attacked, or what their intentions are if they do breach your system.

Once again, unless you’re somehow a person of interest to the attackers they’re probably not after anything specific about you – though of course if they were successful I suppose they could end up groveling around within your computer looking for passwords and accounts and other information for identity theft purposes.

What’s more likely is that they simply want to install a ‘bot, and add your computer to the zombie network of spam-sending machines out on the internet. Or whatever else a botnet might be used for.

How would you prevent the attack?

Well, you can’t control other people, so you’re not going to prevent the attack, but you can certainly prevent it from being successful.

As you already have.

The fact that Kaspersky alerted you means that it detected and prevented the attack. You’re done. You’re safe. Nothing to see here, move on.

In general, this is exactly why you need a firewall – these types of attacks are stopped cold by a NAT Router, or a properly configured software firewall.

That, and making sure that your machine’s software is up-to-date is all you need.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

5 comments on “Why am I getting a network attack from China?”

  1. Leo, You are bang on in your comment “they actually prioritize certain IP address blocks”. The smarter ones try to on blocks that are “static” addresses assigned by service providers to small businesses thinking that small businesses will be less protected and have a greater payoff upon successful intrusion. Too many smaller businesses believe that their relative size is a form of protection unto itself. Not so.

    Reply

  2. From what I read, Leo, the government of China is making various attacks on whatever American computers it can, hoping to find a way to create havoc just in case. Apparently they have breached the Pentagon’s computers several times. Your tactics should keep them out of our personal computers. Thank you.

    Reply

  3. Hi Leo!

    About 12 years ago I read with interest an article in Wired magazine about China digging, sometimes by hand, trenches to bury fiber optics. This would connect the major cities in China , thus creating a huge Intranet …. their goal was to only have one connection to the Internet, giving the Government more control. I wonder … if the Network attack originated from within their Intranet, is it exiting via their one Internet connection?

    Also something to think about, this Intranet if hooked to the Radar Defense system cold possibly couple the radar into a large format for the country … I have more thoughts but would rather discuss off line.

    Thanks for a great column!

    Charlie
    ###

    Reply

  4. Your spot on about china. It used to be Russia, India, Hong Kong, Taiwan. Peer Guardian 2 blocks
    over 900 million URL’s [ All government servers as well – and it’s FREE ] and Avast squashes anything else.

    Reply

  5. i have received network attack from different location of China two time this week.
    Both time my kaspersky blocked attack..
    How Cheap & disgusting people who want to hack others system..
    Thank you Kaspersky:-)

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.