Port Scanned from China

[A_W_O_L__]

So I believe I was port scanned and connected to last night while I had just left my computer on.
the reason I had left my pc on is I had a private game sever running in the background and when I got up this morning I seen that 2 ip addresses tried to connect to my server (the server is private, the ip required was never shared to anybody but my brothers) it said that the ip tried to connect but no player had actually entered the world which leaves me to believe that a packet was never sent from another game,
the server log said

103.37.145.150:39792 is connecting...
103.37.145.150:39792 is connecting...
Exception normal: tried to send data to a client after losing connection
123.59.62.69:38374 is connecting...
123.59.62.69:38374 is connecting...
Exception normal: tried to send data to a client after losing connection
I looked up the ip addresses and they both are originated from China and both were reported on www.abuseipdb.com as port scanners,

I looked up the logs on my router and only found the first one

[LAN access from remote] from 103.28.84.3:65364 to ([strike]my ip address[/strike]), Saturday, January 07, 2017 08:49:20

I cant find nothing in the logs for the second Ip though.

I'm not really worried about being port scanned what worries me is they found an open port and
connected to it. as soon as i found it i cleared all my browser data from to get rid of any stored auto fill data.
What are my options for combating this thing?

 

[mcnumpty23]

run a port scan test

something like shields up from grc

software like angry ip scanner can also give useful info

 

[bill001g]

That is why they run port scans. They pretty much scan every ip that may exist. They know what blocks are assigned by may ISP.

As soon as they find open ports they attempt to connect. If it connects even partially they run many of the standard attack scripts. There are lots of exploits in many OS that they hope you have not patched.

This is the risk you run exposing a server of any kind to the internet. If you do not port map anything all they can do is attempt to attack the router and most routers are designed to prevent any connection from the outside to the router itself.

 

[A_W_O_L__]

That is why they run port scans. They pretty much scan every ip that may exist. They know what blocks are assigned by may ISP.

As soon as they find open ports they attempt to connect. If it connects even partially they run many of the standard attack scripts. There are lots of exploits in many OS that they hope you have not patched.

This is the risk you run exposing a server of any kind to the internet. If you do not port map anything all they can do is attempt to attack the router and most routers are designed to prevent any connection from the outside to the router itself.

Ok, I can follow that but if the ports are open in my router and those ports are only open for that server application in my windows firewall would they then still be able to get through then?

honestly I could care less about the server I just don't want my pc hijacked, I transferred the port to a new port and did a malwarebytes scan and it came up clean

 

[mcnumpty23]

does your router or firewall allow black listing/white listing ip ranges?

that can be a useful tool if the router supports it

 

[A_W_O_L__]

So this is all of the lan access logs since last night, I've looked though them all and they seam to be all running ports of old game servers we had run in the past but no longer use
Ports:
25444-25446
3306
27015-27017
2300-2400
27886
6667


[LAN access from remote] from 125.181.200.147:60175 to 192.168.1.150:2323, Sunday, January 08, 2017 00:39:11
[LAN access from remote] from 71.6.135.131:58022 to 192.168.1.150:2375, Sunday, January 08, 2017 01:15:31
[LAN access from remote] from 220.245.202.80:58311 to 192.168.1.150:27016, Sunday, January 08, 2017 01:38:06
[LAN access from remote] from 220.245.202.80:56966 to 192.168.1.150:27016, Sunday, January 08, 2017 01:37:57
[LAN access from remote] from 111.74.238.57:58454 to 192.168.1.150:2375, Sunday, January 08, 2017 01:49:33
[LAN access from remote] from 180.254.219.10:17315 to 192.168.1.150:2323, Sunday, January 08, 2017 02:00:20
[LAN access from remote] from 92.82.71.11:37390 to 192.168.1.150:2323, Sunday, January 08, 2017 02:18:51
[LAN access from remote] from 182.18.72.171:63891 to 192.168.1.150:3306, Sunday, January 08, 2017 02:28:34
[LAN access from remote] from 180.242.16.77:2193 to 192.168.1.150:2323, Sunday, January 08, 2017 02:37:22
[LAN access from remote] from 180.242.16.77:2193 to 192.168.1.150:2323, Sunday, January 08, 2017 02:39:26
[LAN access from remote] from 183.60.48.25:12211 to 192.168.1.150:3306, Sunday, January 08, 2017 03:14:22
[LAN access from remote] from 180.154.133.106:29051 to 192.168.1.150:2323, Sunday, January 08, 2017 03:24:19
[LAN access from remote] from 115.76.43.190:50151 to 192.168.1.150:2323, Sunday, January 08, 2017 03:31:31
[LAN access from remote] from 111.72.252.91:36406 to 192.168.1.150:3306, Sunday, January 08, 2017 05:12:49
[LAN access from remote] from 190.249.176.93:29041 to 192.168.1.150:2323, Sunday, January 08, 2017 05:15:41
[LAN access from remote] from 116.98.221.205:5712 to 192.168.1.150:2323, Sunday, January 08, 2017 06:41:03

I also looked into what you suggested by blocking ip's
all could find is i could deny services to an internal ip or ban mac addresses, and it also allows to block keywords and websites
I'm using a Netgear WNDR4300v2

and I'm just using the windows 7 firewall, i'll look into that farther