Geekzone: technology news, blogs, forums
213 posts

Master Geek
+1 received by user: 3

Trusted
CallPlus Group

  Reply # 465036 3-May-2011 22:10

They may not be trying to connect to whatever you're doing, but the IP that you're holding. Personally I wouldn't worry about it, you'll get a lot of this connected to the internet. Turn router firewall on and forget.



214 posts

Master Geek
Inactive user


  Reply # 465038 3-May-2011 22:21

The point I'm making is that no matter what IP my router gets, it still happens.

It's clearly a port scan of some sort from the realms of IRC directed at New Zealand IP ranges.

The point, I guess, is that the more it happens, the more data gets used, and we as customers have to pay for that.

I will install Wireshark and turn on DMZ and see what it is.


6820 posts

Uber Geek
+1 received by user: 3144

Moderator
Trusted
Subscriber

  Reply # 465054 3-May-2011 22:43

Don't worry about it, it's normal.

Let's just take a look at the common server, mine for example:


user@sakura:~$ cat /etc/hosts.deny | tail
sshd: 208.43.127.84
sshd: 207.138.211.26
sshd: 69.175.77.158
sshd: 94.76.222.178
sshd: 123.212.43.5
sshd: 121.14.119.135
sshd: 46.45.147.25
sshd: 125.46.92.195
sshd: 123.234.81.45
sshd: 69.197.153.235

That is within a space of about 15 mins. I am not worried since I do use a pubkey on my server, but anything on the internet is always being poked / prodded every now and then.

As an example again of who these are coming from, 46.45.147.25 is:


person: Osman Emir CERRAHOGLU
address: Kosanbit Telekomunikasyon San. Ve Tic. Ltd. Sti
address: Cevizlik Mah. Beyaz Zambak Sok. 7/3 Bakirkoy / Istanbul
e-mail: emir@kosanbit.com
phone: +90 536 452 24 62
nic-hdl: OEC3-RIPE
mnt-by: KOSANBIT-MNT
remarks: ###################################
remarks: Abuse & intrusion reports should
remarks: be sent to: abuse@kosanbit.com
remarks: ###################################
source: RIPE # Filtered

As you can see, this is overseas, most likely an infected computer on the internet being controlled by a botnet looking for servers to exploit. From the logs too I can see this IP tried the username root + password root first, then root + password second, then got blacklisted.

This is how firewalls work. If you see an intrusion log, that's a good thing; take off your tinfoil hat and continue on with life, it's easier that way :)




Michael Murphy | https://murfy.nz
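
The blacklisting described in the post above (repeated failed root logins from one address ending up as an `sshd:` line in hosts.deny), shown as an added example; it is not the poster's setup or DenyHosts' own code. The log lines are constructed, and the `threshold` and `allow` parameters and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# The username is attacker-controlled, so match it greedily and take the
# address from the LAST " from <ip> port <n> ssh2" on the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
May  3 22:30:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  3 22:30:03 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  3 22:31:10 host sshd[4120]: Failed password for invalid user admin from 198.51.100.23 port 51822 ssh2
May  3 22:32:44 host sshd[4133]: Accepted publickey for user from 192.0.2.10 port 50022 ssh2
May  3 22:33:02 host sshd[4140]: Failed password for invalid user test from 198.51.100.23 port 51900 ssh2
May  3 22:33:05 host sshd[4141]: Failed password for invalid user a from 192.0.2.10 from 198.51.100.99 port 51901 ssh2
May  3 22:34:00 host sshd[4150]: Failed password for user from 192.0.2.10 port 50040 ssh2
May  3 22:34:09 host sshd[4150]: Failed password for user from 192.0.2.10 port 50040 ssh2
"""

def failed_sources(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address; skip rather than guess
        counts[str(ip)] += 1
    return counts

def deny_entries(log_text, threshold=2, allow=()):
    """Return hosts.deny lines for sources at or over the threshold."""
    allowed = {ipaddress.ip_address(a) for a in allow}
    hits = [ipaddress.ip_address(ip) for ip, n in failed_sources(log_text).items()
            if n >= threshold and ipaddress.ip_address(ip) not in allowed]
    hits.sort(key=lambda a: (a.version, int(a)))
    return [f"sshd: {a}" for a in hits]

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG, allow=["192.0.2.10"])))
```

The allowlist keeps an administrator's own mistyped passwords from locking them out, and the sixth sample line shows why the address is read from the end of the line: a username containing `from 192.0.2.10` must not get that address counted.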




214 posts

Master Geek
Inactive user


  Reply # 465066 3-May-2011 23:21

Yes, in my hosts.deny via denyhosts I have

13749 lines

and that's my dedicated server in the States.



214 posts

Master Geek
Inactive user


  Reply # 465078 4-May-2011 00:00

OK, the news is, and it's just not my line:

All these IPs are scanning common ports such as netbios and ms-sql etc.

However, the data may seem small, but over a period of time it all adds up.

What can anyone do about it?

Nothing, unless Snap block the IPs.

So at the end of the day many others are in the same boat as I am.

1877 posts

Uber Geek
+1 received by user: 623

Trusted

  Reply # 465103 4-May-2011 06:55

Some ISPs filter the more prolific crap, some don't. I wouldn't worry about it.

The server I have online gets hits 24/7 with SSH requests, bogus web requests, ping scans etc etc.

It's tempting, I know, to think that somehow you're being targeted as an individual, but you're not. What you're seeing is commonly called Internet Background Radiation.

A very clever bloke by the name of Dean Pemberton gave a talk about it at NZNOG a few years back, you can read the pdf here if you'd like though it's just the slides that went along with the presentation.

Some ranges get targeted more than others. It might depend on how long that Internet range has been in the global routing table, there's tons of reasons.

Basically: Don't worry about it. This is why everyone's always on about keeping your machine up to date etc.






954 posts

Ultimate Geek
+1 received by user: 138

UberGroup

  Reply # 465118 4-May-2011 08:27

Welcome to the internet. This is completely normal and looks to be SYN packets trying to open a connection. If memory serves me well before my morning coffee, you need about 20,000 of these packets to total 1 megabyte of traffic. It's not burning your cap or anything major.

Turn off the alerts and relax.




Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated.

213 posts

Master Geek
+1 received by user: 3

Trusted
CallPlus Group

  Reply # 465182 4-May-2011 10:23

Trying to stop those would be like trying to stop road noise from the motorway, or filter dust particles out of the air when you're walking outside.

The data used will be so small it's not even funny; Adobe Flash Player probably uses more just to check whether or not it's up to date.

Everyone's in the same boat, it's what happens when you're on the internet. As someone said, turn off the alerts, keep everything up to date and relax.

1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 465186 4-May-2011 10:24

http://ip-db.com/72.20.40.51

Looks like an open proxy scanner for the IRC network at http://p2p-network.net/

There is a very good reason to stay away from anything hosted by Staminus Communications if at all possible; perhaps find a new IRC network?



214 posts

Master Geek
Inactive user


  Reply # 465190 4-May-2011 10:32

I don't go to p2p; I run my own dedicated server for IRC, web hosting.
