Had my ISP shut down for the past month to try and break the cycle of the malicious pings from China.
It apparently hasn't worked to well and was suggested by the server to disconnect my router overnight since my IP address is dynamic.
What bothers me is the malicious IP's are the same ones every time. Should I be more concerned about this and would it help to unplug the router every night?
I almost feel like canceling my internet service permanently.

Thank you.

Your router should be blocking the pings.
Check Shields Up at GRC to make sure your router is in "Stealth" or at least that you have no open ports.
https://www.grc.com/x/ne.dll?bh0bkyd2

Other than that there's not much you can do if your ISP won't block the pings from those certain addresses in China. There is automated software that pings one address after another, so it costs the pingers nothing to do it.

I wonder how many other customers of your ISP are having the same problem.

It's Malwarebytes that's shows it's blocking these IP's.
I'm sure others in this area actually wouldn't be aware if they're being pinged. I will have to start asking around but don't think there's that many in this immediate area that use the internet.

Jenny, I have checked the router stats and it shows it's at a high level. I just don't know how long it might be before "they" do break in.

Since I've been online and browsing for the past hour nothing has shown up.

Will see how it goes for the next few days.

Thanks again.

I'm not sure how Malwarebytes would know which IP's were pinging you unless pings from those locations were getting through the router. Did you go to the Shields Up site I linked to and test on that?

Thanks Jenny, had already checked per the Shields Up a couple months ago and then again this morning; each time it shows my computer is safe.

Still getting pinged every 15 minutes so guess is time to disconnect from the server at least until this fall.

Wishing all a great summer.

As I said before, that won't change anything. They aren't necessarily getting any ping response from you. They are just scanning ports to look for an open one. And they do this for all ports for every possible IP, whether they get an answer or not, just in case an IP that was not responding before suddenly becomes available to them. Disconnecting from the server only inconveniences yourself. As long as the pings don't get through, you're fine. But you might want to check more than the "Common Ports" at Shields Up.

That's what I was wondering... Just because they're pinging you doesn't mean they're getting through or even can get through. It just means they're looking for a response - which it appears they're not getting from your computer. I agree that disconnecting from the internet solves nothing - the pings will still be sent out and will pick up again whenever you reconnect - just like they did this time.

Okay, I have to ask this. What is a ping? Somebody trying to hack into a computer? Where do you see it? How do you recognize it? How do you know it's from China?

At a very basic level – do you remember watching any movies with submarines in it? Red October comes to mind where the subs would use their sonar to ‘ping’ or send out a signal to locate another submarine or where they were in relation to the surrounding terrain. Or imagine you are at Echo canyon and waiting on the response or echo to come back to you after saying “Helllooooo. . “

There are valid reasons to “ping” as well as not so good ones. If you are testing the speed of your internet connection you are ‘pinging’ a host and the response time is measured. On the other hand If you have read about the recent issues Sony is having one of the things they had to deal with was a denial of service attack which is called flood pinging and used to overwhelm their system.

Some antivirus programs will tell you the number of times your computer is being pinged to see if gets a response, they also provided a map to trace the ping back to its source. Personally I always viewed these as a best guess scenario. When I was playing with it I traced many back to China and others to Romania, but again I felt it is just a best guess scenario where they really came from. A person who is skilled at this will hide their trail much better than what is provided to consumers in these programs in my humble opinion.

If your computer is connected to the internet it will get pinged regularly, but as stated before that does not mean they are getting a response. Just like if you did not want to answer your front door if someone knocks.

Your last sentence is the best explanation of it all, RNL.

You can ping websites too you know. Bring up a command window by using "run" (on XP, not sure where on Win7, search maybe?). Then you type in cmd and press ok. That will bring up the command prompt box. From there you type ping, followed by a space, then the address of where you want to ping. It will send the packets back and forth and give you the information. There is a way to do it continuely, I think it is ping -t, then the www address. The RoadRunner tech told me how to do this when we were testing my download and upload times.

The only thing I wonder about is why Malwarebytes knows about it. If the pings aren't getting to the computer, how would Malwarebytes know? Or does Malwarebytes have access to your router's stats?

Make sure you actually have a router or router/modem or modem/firewall combo and not just a modem. A modem alone won't block anything. A router or hardware firewall would have a packet filter to block the pings.

I am assuming she has the paid version of Malwarebytes which does monitor in real time. However, that still doesn't answer the question of how Malwarebytes knows unless it actually monitors the ports and any attempt to access them??? And how are they getting past a router/firewall?

You might also try posting something at the Malwarebytes forum - I notice they have a pretty good one.

1) Did you run a Full Scan recently with your Malwarebytes to see what it finds?
2) What do you have as an Anti Virus or Security System? i.e. Avast or AVG or Kaspersky or Norton, etc. And did you run a Full scan to see what it finds?
3) If you don’t have a reputable Security Software like Kaspersky or Norton or Microsoft Security Essentials (just to name a few), what are you using as a Firewall?
4) I have a DLinks Wireless Router and as a further Security precaution, I removed the checkmark from “Enable Wan Ping Respond” and our 3 Laptops and Wireless printer connect without a problem. Although I do not know how this affects those who play Online “Shoot E’M up games, etc”.

As for turning off your Router every night, I agree with the other members, it should not be necessary and should be used only as quick fix until you make sure you haven’t been hit with a Virus or Malware.

Most Importantly, please take Draclvr’s advice and contact Malawarebytes regarding this issue, they might have a fix, it could be something as simple as a “False warning” and they will guide you to a workaround.

Thanks RNL. Never saw Red October or been to Echo Canyon or read about the Sony stuff. Agree with Draclvr about the last sentence though.

But of course, I am still a little unclear. If, let's say, my Norton says "unauthorized access blocked (send terminate message to window). Was that a "ping"? And whether it was or not, is that somebody trying to "hack" or something else?

No. ***This post*** at Norton forums explains why you often see that. ***Here's*** another post saying much the same thing. Or at the post by the forum admin at the bottom of ***this page*** says:


Behavior by design. If you have Norton, you'll probably see that message every once in a while even though no malware or hacking is involved.

Thank you Jenny!!!