Re: port scans
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Mon, 22 Feb 2010 20:03:43 -0600
On Mon, 22 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article <hlv1rc$a9m$2@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Rick wrote:
> Are you saying that they are checking EVERY POSSIBLE IP number?
No - they're not checking the 235 million IPv4 addresses in China,
and similar chunks elsewhere. Say for the hell of it, they are
checking 2/3 of IPv4 address space - I highly doubt they are looking
at that many but that's about 2000 million hosts. They are coming from
several /22s in Hebei province (about halfway between Hong Kong and
Beijing) - which is groups of a thousand systems. So each host in a
/22 has to check two million addresses max. Each connection attempt
takes under 100 milliseconds - and they can be run in parallel to
perhaps 50 or 60 _thousand_ attempts per host at any given instant.
This is a set of scripts, not some wanker sitting at a keyboard trying
to type in each address to test. Coming back in ten minutes is almost
trivial - do the math.
> 4 failed attempts from the same originator. I can only see explaining
> that by assuming that they somehow KNOW my server is there. How do
> they know it is there? Would it help to get a new IP address?
Sorry to disappoint you - but you aren't that important. EVERYONE is
seeing (and ignoring) this stuff. They really aren't picking on your
address any more than they're picking on everyone else.
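
Added example, not part of the original post: a defender-side check that groups dropped connection attempts by source /22, the block size mentioned above, so repeat hits from one address can be read alongside the other hosts in the same block. The log format, the function names and the sample addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in an assumed "DROP SRC=<ip> DPT=<port>" format.
SAMPLE_LOG = """\
Feb 22 19:41:02 fw DROP SRC=198.51.100.17 DPT=22
Feb 22 19:41:09 fw DROP SRC=198.51.100.17 DPT=22
Feb 22 19:51:30 fw DROP SRC=198.51.100.17 DPT=22
Feb 22 19:51:37 fw DROP SRC=198.51.100.17 DPT=22
Feb 22 19:44:12 fw DROP SRC=198.51.100.201 DPT=22
Feb 22 19:47:55 fw DROP SRC=198.51.100.88 DPT=22
Feb 22 19:58:03 fw DROP SRC=203.0.113.5 DPT=22
Feb 22 20:01:40 fw ACCEPT SRC=192.0.2.10 DPT=22
"""

# Only dropped packets count; the source address is captured for grouping.
DROP_RE = re.compile(r"\bDROP\b.*?\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def summarize_by_block(log_text, prefix_len=22):
    """Return {network: {"attempts": n, "hosts": m}} for dropped sources."""
    blocks = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        match = DROP_RE.search(line)
        if not match:
            continue
        try:
            src = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        # strict=False masks the host bits, giving the enclosing /22.
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        blocks[str(net)][str(src)] += 1
    return {
        net: {"attempts": sum(hosts.values()), "hosts": len(hosts)}
        for net, hosts in blocks.items()
    }


def shared_scanner_blocks(summary, min_hosts=2):
    """Blocks where several distinct hosts were dropped: a block-wide sweep."""
    return sorted(net for net, s in summary.items() if s["hosts"] >= min_hosts)


if __name__ == "__main__":
    for net, stats in summarize_by_block(SAMPLE_LOG).items():
        print(net, stats)
```
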