[clug] Intrusion problem
Duncan Roe
duncan_roe at acslink.net.au
Wed Nov 26 20:39:23 GMT 2008
I turned off logging of failed connect attempts long ago. When you have a fast
link, crackers find your IP somehow and flood it. That's why you have a
firewall. ("fast" link - Optus cable (Melbourne)).
Cheers ... Duncan.
On Mon, Nov 24, 2008 at 02:44:46PM +1100, conrad at mail.watersprite.com.au wrote:
> Adrian (and list)
>
> Daniel wrote:
> > Did they tell you anything useful, such as what these requests were,
> > when they occurred, what the destination was, or anything else?
>
> > Well, probably -- the place to start would be with the technical detail
> > that your ISP supplied to you, since that will help identify if we /can/
> > help you.
>
> While you should check with your ISP for details, this might be explained
> by a complaint I made to my network provider regarding a large number of
> unsolicited connection attempts made to TCP port 23 from the 125.0.0.0/8
> network range (that being the range my IPs are in). I log and drop all
> packets for ports not explicitly open on my firewall, and these have gone
> from unnoticable numbers 6 months ago to accounting for the vast majority.
>
> Should you not be able to get any details from your ISP, but this
> otherwise sounds like it might fit your case, email me off list and I'll
> give you what info I can from my logs.
>
> Given the repetitive nature of the requests I was logging, I'm suspecting
> botnetted PCs or similar. I wonder if they're looking for ADSL modems with
> open, external-facing telnet ports? Or is there a better explanation?
>
> Conrad.
>
>
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
More information about the linux
mailing list