Re: port scans



On Mon, 22 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article <hlv1rc$a9m$2@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Rick wrote:

> Are you saying that they are checking EVERY POSSIBLE IP number?

No - they're not checking the 235 million IPv4 addresses in China,
and similar chunks elsewhere. Say for the hell of it, they are
checking 2/3 of IPv4 address space - I highly doubt they are looking
at that many but that's about 2000 million hosts. They are coming from
several /22s in Hebei province (about half way between Hong Kong and
Beijing) - which is groups of a thousand systems. So each host in a
/22 has to check two million addresses max. Each connection attempt
takes under 100 milliseconds - and they can be run in parallel to
perhaps 50 or 60 _thousand_ attempts per host at any given instant.
This is a set of scripts, not some wanker setting at a keyboard trying
to type in each address to test. Coming back in ten minutes is almost
trivial - do the math.

> 4 failed attempts from the same originator. I can only see explaining
> that by assuming that they somehow KNOW my server is there. How do
> they know it is there? Would it help to get a new IP address?

Sorry to disappoint you - but you aren't that important. EVERYONE is
seeing (and ignoring) this stuff. They really aren't picking on your
address any more than they're picking on everyone else.

Old guy
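
An added example, not part of the original post: one way for a defender to check whether repeated hits from "the same originator" belong to a wider sweep is to group dropped-connection sources by /22, as the reply describes. The log format, the function name and the private-range addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (private-range addresses, not real sources).
SAMPLE_LOG = """\
2010-02-22T10:00:01 DROP SRC=10.20.4.7 DPT=22
2010-02-22T10:00:03 DROP SRC=10.20.5.200 DPT=22
2010-02-22T10:04:10 DROP SRC=10.20.4.7 DPT=22
2010-02-22T10:09:30 DROP SRC=10.20.6.15 DPT=22
2010-02-22T10:10:02 DROP SRC=10.20.4.7 DPT=22
2010-02-22T10:20:05 DROP SRC=10.20.4.7 DPT=22
2010-02-22T10:21:00 DROP SRC=10.99.0.9 DPT=22
"""

# Assumed line format: "<ISO timestamp> DROP SRC=<ipv4> DPT=<port>"
LINE_RE = re.compile(r"^(\S+) DROP SRC=(\S+) DPT=(\d+)$")


def summarize_by_block(log_text, prefix_len=22):
    """Group dropped connections by source network (default /22)."""
    blocks = defaultdict(lambda: {"hosts": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts, src, _port = m.groups()
        try:
            net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # malformed address or timestamp
        blocks[str(net)]["hosts"].add(src)
        blocks[str(net)]["times"].append(when)

    summary = {}
    for net, data in blocks.items():
        times = sorted(data["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        summary[net] = {
            "hosts": len(data["hosts"]),           # distinct sources in the block
            "attempts": len(times),                # total dropped connections
            "min_gap_s": min(gaps) if gaps else None,  # shortest return interval
        }
    return summary


if __name__ == "__main__":
    for net, info in summarize_by_block(SAMPLE_LOG).items():
        print(net, info)
```

Several distinct hosts in one block returning at short intervals is the pattern of a scripted sweep rather than attention paid to a single address.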