I get hundreds of port scans from places like china
bulgaria, checkzlovakia, korea, with a few from us austrailia
and finland every day.
I've only detected intusion attempts from tiscali in italy with
snort.
Do most people get this sort of traffic from e block countries?
Or am I targeted?
In article
Christopher Leo Chatfield
>I get hundreds of port scans from places like china
>bulgaria, checkzlovakia, korea, with a few from us austrailia
>and finland every day.
>I've only detected intusion attempts from tiscali in italy with
>snort.
>Do most people get this sort of traffic from e block countries?
>Or am I targeted?
We get too much to count. Not hundreds but hundreds of thousands.
Per day.
Post removed (X-No-Archive: yes)
On Mon, 13 Nov 2006, in the Usenet newsgroup comp.security.firewalls, in article
wrote:
>I get hundreds of port scans from places like china
>bulgaria, checkzlovakia, korea, with a few from us austrailia
>and finland every day.
You are either new to the Internet, or you have belatedly discovered what
has been happening to the rest of us for years. Hundreds per day? That's
pretty minor. Last time I bothered to log the noise, I was seeing around
20000 per day.
>I've only detected intusion attempts from tiscali in italy with
>snort.
What - did someone try to stroke your port 22 with a thousand (or so)
attempted logins using dictionary passwords? Your headers say Debian - so
figure out where a command line is, and run the command '/bin/netstat -tuan'
and see if you need all of those ports open. If you are a home user, there
should be NO ports open - or at worst, port 113/tcp if needed by your ISP.
If you have decided that you need SSH open, restrict it using your firewall
to those addresses (or address blocks) where you have some reasonable
expectation that you will actually want to make a connection from.
>Do most people get this sort of traffic from e block countries?
All the time.
>Or am I targeted?
"It's only called paranoid when they AREN'T after you."
"When they _are_ out to get you, always check your paperwork."
The only reason you are receiving attention is that you have something a
spammer or skript kiddiez wants - bandwidth. See that you are not
offering services to the world. See that your system is kept current.
Then stop worrying about non-events.
Old guy
Post removed (X-No-Archive: yes)