Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
222 posts

Master Geek
+1 received by user: 4

Trusted

  Reply # 465036 3-May-2011 22:10
Send private message

They may not be trying to connect to whatever you're doing, but the ip that you're holding. Personally I wouldn't worry about it, you'll get a lot of this connected to the internet. Turn router firewall on and forget.



214 posts

Master Geek
Inactive user


  Reply # 465038 3-May-2011 22:21
Send private message

the point im making is no matter what ip my router gets it still happens,

its clearly a port scan of some sort from the realms of irc directed at new zealand ip ranges

the point i guess the more it happens the more data gets used and we as customers have to pay for that.

i will install wireshark and turn on dmz and see what it is.

 
 
 
 


Meow
7089 posts

Uber Geek
+1 received by user: 3326

Moderator
Trusted
Lifetime subscriber

  Reply # 465054 3-May-2011 22:43
Send private message

Don't worry about it, it's normal..

Let's just take a look at the common server, mine for example:


user@sakura:~$ cat /etc/hosts.deny | tail
sshd: 208.43.127.84
sshd: 207.138.211.26
sshd: 69.175.77.158
sshd: 94.76.222.178
sshd: 123.212.43.5
sshd: 121.14.119.135
sshd: 46.45.147.25
sshd: 125.46.92.195
sshd: 123.234.81.45
sshd: 69.197.153.235

That is within a space of about 15mins, I am not worried since I do use a pubkey on my server, but anything on the internet is always being poked / prodded every now and then.

As a example again who these are coming from, 46.45.147.25 is:


person: Osman Emir CERRAHOGLU
address: Kosanbit Telekomunikasyon San. Ve Tic. Ltd. Sti
address: Cevizlik Mah. Beyaz Zambak Sok. 7/3 Bakirkoy / Istanbul
e-mail: emir@kosanbit.com
phone: +90 536 452 24 62
nic-hdl: OEC3-RIPE
mnt-by: KOSANBIT-MNT
remarks: ###################################
remarks: Abuse & intrusion reports should
remarks: be sent to: abuse@kosanbit.com
remarks: ###################################
source: RIPE # Filtered

As you can see, this is overseas, most likely a infected computer on the internet being controlled by a botnet looking for servers to exploit. From the logs too I can see this IP tried the username root + password root first, then root + password second, then got blacklisted.

This is how firewalls work, if you see a intrusion log that's a good thing, take off your tinfoil hat and continue on with life, it's easier that way :)






214 posts

Master Geek
Inactive user


  Reply # 465066 3-May-2011 23:21
Send private message

yes in my hosts.deny via denyhosts i have

13749 lines

and thats my dedicated server in the states



214 posts

Master Geek
Inactive user


  Reply # 465078 4-May-2011 00:00
Send private message

ok the news is and its just not my line

all these ips are scanning common ports such as netbios and ms-msql etc

however the data may seem small but over a period of time it all adds up.

what can anyone do about it?

nothing, unless snap block the ips

so at the end of the day many others are in the same boat as i am.

1903 posts

Uber Geek
+1 received by user: 654

Trusted

  Reply # 465103 4-May-2011 06:55
Send private message

Some ISP's filter the more prolific crap, some don't. I wouldn't worry about it.

The server I have online gets hits 24/7 with SSH requests, bogus web requests, ping scans etc etc.

It's tempting I know to think that somehow you're being targetted as an individiual, but you're not. What you're seeing is commonly called Internet Background Radiation.

A very clever bloke by the name of Dean Pemberton gave a talk about it at NZNOG a few years back, you can read the pdf here if you'd like though it's just the slides that went along with the presentation.

Some ranges get targetted more than others. It might depend on how long that Internet range has been in the global routing table, there's tons of reasons.

Basically: Don't worry about it. This is why everyone's always on about keeping your machine up to date etc.




It looks like I'm using an adblocker. I should consider whitelisting Geekzone in my adblocker or a subscription. The Quick Reply box will appear for me when Geekzone is whitelisted. Hooray for me! If I want to reply to this topic I should click on Compose Reply.


965 posts

Ultimate Geek
+1 received by user: 146

UberGroup

  Reply # 465118 4-May-2011 08:27
Send private message

Welcome to the internet, This is completely normal and looks to be SYN packets trying to open a connection. If memory serves me well before my morning coffee you need about 20,000 of these packets to total 1 megabyte of traffic. It's not burning your cap or anything major.

Turn off the alerts and relax




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

222 posts

Master Geek
+1 received by user: 4

Trusted

  Reply # 465182 4-May-2011 10:23
Send private message

Trying to stop those would be like trying to stop road noise from the motorway, or filter dust particles out of the air when you're walking outside.

The data used will be so small it's not even funny, adobe flash player probably uses more just to check whether or not it's up to date.

Everyone's in the same boat, it's what happens when you're on the internet. As someone said, turn off the alerts, keep everything up to date and relax.

1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 465186 4-May-2011 10:24
Send private message

http://ip-db.com/72.20.40.51

Looks like an open proxy scanner for the IRC network at http://p2p-network.net/

There is a very good reason to stay away from anything hosted by Staminus Communications if at all possible; perhaps find a new IRC network?



214 posts

Master Geek
Inactive user


  Reply # 465190 4-May-2011 10:32
Send private message

i dont goto p2p, i run my own dedicated server for irc, web hosting

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

CPTPP text and National Interest Analysis released for public scrutiny
Posted 21-Feb-2018 19:43


Foodstuffs to trial digitised shopping trolleys
Posted 21-Feb-2018 18:27


2018: The year of zero-login, smart cars & the biometrics of things
Posted 21-Feb-2018 18:25


Intel reimagines data centre storage with new 3D NAND SSDs
Posted 16-Feb-2018 15:21


Ground-breaking business programme begins in Hamilton
Posted 16-Feb-2018 10:18


Government to continue search for first Chief Technology Officer
Posted 12-Feb-2018 20:30


Time to take Appleā€™s iPad Pro seriously
Posted 12-Feb-2018 16:54


New Fujifilm X-A5 brings selfie features to mirrorless camera
Posted 9-Feb-2018 09:12


D-Link ANZ expands connected smart home with new HD Wi-Fi cameras
Posted 9-Feb-2018 09:01


Dragon Professional for Mac V6: Near perfect dictation
Posted 9-Feb-2018 08:26


OPPO announces R11s with claims to be the picture perfect smartphone
Posted 2-Feb-2018 13:28


Vocus Communications wins a place on the TaaS panel
Posted 26-Jan-2018 15:16


SwipedOn raises $1 million capital
Posted 26-Jan-2018 15:15


Slingshot offers unlimited gigabit fibre for under a ton
Posted 25-Jan-2018 13:51


Spark doubles down on wireless broadband
Posted 24-Jan-2018 15:44



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.