Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
243 posts

Master Geek
+1 received by user: 4

Trusted

  Reply # 465036 3-May-2011 22:10
Send private message

They may not be trying to connect to whatever you're doing, but the ip that you're holding. Personally I wouldn't worry about it, you'll get a lot of this connected to the internet. Turn router firewall on and forget.



214 posts

Master Geek
Inactive user


  Reply # 465038 3-May-2011 22:21
Send private message

the point im making is no matter what ip my router gets it still happens,

its clearly a port scan of some sort from the realms of irc directed at new zealand ip ranges

the point i guess the more it happens the more data gets used and we as customers have to pay for that.

i will install wireshark and turn on dmz and see what it is.

Meow
7446 posts

Uber Geek
+1 received by user: 3584

Moderator
Trusted
Lifetime subscriber

  Reply # 465054 3-May-2011 22:43
Send private message

Don't worry about it, it's normal..

Let's just take a look at the common server, mine for example:


user@sakura:~$ cat /etc/hosts.deny | tail
sshd: 208.43.127.84
sshd: 207.138.211.26
sshd: 69.175.77.158
sshd: 94.76.222.178
sshd: 123.212.43.5
sshd: 121.14.119.135
sshd: 46.45.147.25
sshd: 125.46.92.195
sshd: 123.234.81.45
sshd: 69.197.153.235

That is within a space of about 15mins, I am not worried since I do use a pubkey on my server, but anything on the internet is always being poked / prodded every now and then.

As a example again who these are coming from, 46.45.147.25 is:


person: Osman Emir CERRAHOGLU
address: Kosanbit Telekomunikasyon San. Ve Tic. Ltd. Sti
address: Cevizlik Mah. Beyaz Zambak Sok. 7/3 Bakirkoy / Istanbul
e-mail: emir@kosanbit.com
phone: +90 536 452 24 62
nic-hdl: OEC3-RIPE
mnt-by: KOSANBIT-MNT
remarks: ###################################
remarks: Abuse & intrusion reports should
remarks: be sent to: abuse@kosanbit.com
remarks: ###################################
source: RIPE # Filtered

As you can see, this is overseas, most likely a infected computer on the internet being controlled by a botnet looking for servers to exploit. From the logs too I can see this IP tried the username root + password root first, then root + password second, then got blacklisted.

This is how firewalls work, if you see a intrusion log that's a good thing, take off your tinfoil hat and continue on with life, it's easier that way :)






214 posts

Master Geek
Inactive user


  Reply # 465066 3-May-2011 23:21
Send private message

yes in my hosts.deny via denyhosts i have

13749 lines

and thats my dedicated server in the states



214 posts

Master Geek
Inactive user


  Reply # 465078 4-May-2011 00:00
Send private message

ok the news is and its just not my line

all these ips are scanning common ports such as netbios and ms-msql etc

however the data may seem small but over a period of time it all adds up.

what can anyone do about it?

nothing, unless snap block the ips

so at the end of the day many others are in the same boat as i am.

1952 posts

Uber Geek
+1 received by user: 723

Trusted

  Reply # 465103 4-May-2011 06:55
Send private message

Some ISP's filter the more prolific crap, some don't. I wouldn't worry about it.

The server I have online gets hits 24/7 with SSH requests, bogus web requests, ping scans etc etc.

It's tempting I know to think that somehow you're being targetted as an individiual, but you're not. What you're seeing is commonly called Internet Background Radiation.

A very clever bloke by the name of Dean Pemberton gave a talk about it at NZNOG a few years back, you can read the pdf here if you'd like though it's just the slides that went along with the presentation.

Some ranges get targetted more than others. It might depend on how long that Internet range has been in the global routing table, there's tons of reasons.

Basically: Don't worry about it. This is why everyone's always on about keeping your machine up to date etc.




It looks like I'm using an adblocker. I should consider whitelisting Geekzone in my adblocker or a subscription. The Quick Reply box will appear for me when Geekzone is whitelisted. Hooray for me! If I want to reply to this topic I should click on Compose Reply.


977 posts

Ultimate Geek
+1 received by user: 149

UberGroup

  Reply # 465118 4-May-2011 08:27
Send private message

Welcome to the internet, This is completely normal and looks to be SYN packets trying to open a connection. If memory serves me well before my morning coffee you need about 20,000 of these packets to total 1 megabyte of traffic. It's not burning your cap or anything major.

Turn off the alerts and relax




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

243 posts

Master Geek
+1 received by user: 4

Trusted

  Reply # 465182 4-May-2011 10:23
Send private message

Trying to stop those would be like trying to stop road noise from the motorway, or filter dust particles out of the air when you're walking outside.

The data used will be so small it's not even funny, adobe flash player probably uses more just to check whether or not it's up to date.

Everyone's in the same boat, it's what happens when you're on the internet. As someone said, turn off the alerts, keep everything up to date and relax.

1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 465186 4-May-2011 10:24
Send private message

http://ip-db.com/72.20.40.51

Looks like an open proxy scanner for the IRC network at http://p2p-network.net/

There is a very good reason to stay away from anything hosted by Staminus Communications if at all possible; perhaps find a new IRC network?



214 posts

Master Geek
Inactive user


  Reply # 465190 4-May-2011 10:32
Send private message

i dont goto p2p, i run my own dedicated server for irc, web hosting

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17


Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.