Re: port scans

Moe Trin wrote:
On Mon, 22 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article<hlv1rc$a9m$2@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Rick wrote:

Are you saying that they are checking EVERY POSSIBLE IP number?

No - they're not checking the 235 million IPv4 addresses in China,
and similar chunks elsewhere. Say for the hell of it, they are
checking 2/3 of IPv4 address space - I highly doubt they are looking
at that many but that's about 2000 million hosts. They are coming from
several /22s in Hebei province (about half way between Hong Hong and
Beijing) - which is groups of a thousand systems. So each host in a
/22 has to check two million addresses max. Each connection attempt
takes under 100 milliseconds - and they can be run in parallel to
perhaps 50 or 60 _thousand_ attempts per host at any given instant.
This is a set of scripts, not some wanker setting at a keyboard trying
to type in each address to test. Coming back in ten minutes is almost
trivial - do the math.

4 failed attempts from the same originator. I can only see explaining
that by assuming that they somehow KNOW my server is there. How do
they know it is there? Would it help to get a new IP address?

Sorry to disappoint you - but you aren't that important. EVERYONE is
seeing (and ignoring) this stuff. They really aren't picking on your
address any more than they're picking on everyone else.

Old guy


So you're saying it is a coincidence and I should "echo off paranoia".

One more thing however, it only took 15 minutes from the first use of the ftp server before these, let's call 'em probes, started. ONce upon
a time (before sonicwall) they would try a username-password script.


.

Relevant Pages

  • Firewall issues with setting up vsftp server
    ... I am attempting to set up an ftp server on an internal network. ... hosts are 192.168.1.*) I am using vsftp, but stumbling over an iptables ... vsftp is running as a stand-alone daemon. ... again get the "no route to host" message when I try to transfer data. ...
    (Fedora)
  • Re: Phishing Attempt
    ... Confusion - above you say the script was in the home directory, ... That sets the variable 'HOST' to the IP address you are posting from. ... and then run the application 'pula' which is also ... was connecting to the ftp server on 58.105.225.59 using the same account ...
    (comp.os.linux.security)
  • Problems with MultiLine responses from ftp server
    ... Is it a problem with the FTP server or do i need to handle it in the ... with the host machine using sockets on port 21. ... @param username - username used to log in to the ftp server. ... protected String username = null; ...
    (comp.lang.java.programmer)
  • NTL WepSpace (FTP Uploading) Help required, please - Re: Back from Mountie Land
    ... When she tried to Upload them to the NTL FTP Server, ... same Host Name, but that also doesn't give any Login Prompt. ... I can Connect OK to it (using my Telewest Cable Modem Connection), ...
    (uk.people.silversurfers)
  • Re: Small, text only Linux for web, ftp, mail server?
    ... > nice, but doubtful) ... > - Host an FTP server with the ability to use or block anonymous access ...
    (comp.os.linux)