ESS gives me port scanning attacks

Hello,

See the attachment please.
Can I do something about this messages?

 

Not sure what server / device the subnet 58.218.199.0/255.255.255.0 belongs to. If it's 100% trustworthy, you can exclude it from active protection in the zone setup.

 

Thanks for your reply!

I also don't know what server / device the subnet 58.218.199.0/255.255.255.0 belongs to. So it's not 100% trustworthy.

Can I check what is the origin of this IP in any way?

 

I believe the 58.218.199 is in China-perhaps Jiangsu province (hackers/exploiters I would think). I have had the same (IP) attacks in the past. There are several ways to look up IPs, as I am not an IT/AV expert, I just input part of the address in to Dogpile.com (my search engine of choice) and scan the results list for a clue. Crude, but it mostly works. That way I don't have to go to unknown websites (unknown to me) to check further. To the best of my knowledge Dogpile has never caused an issue for me. Of course, the results it list, depending on the site, may or may not be safe.

 

Thanks for your reply!

Maybe if I can get a new public IP address of the ISP, my problem will be solved I give it a try and let you know here.

 

I use AT&T DSL here in Ohio and I know when I restart (off, wait then on) my DSL modem, it assigns me a new IP (maybe my terminology is incorrect). Depending what IP band(s) the Chinese are scanning, this seems to aleviate their attacks-as I am in a different IP band. This procedure gives me a 50/50 chance.

 

@Tomface
My ISP also changed the public IP address when I unplug, wait a while and reconnect. So I hope it works, I let you know.