Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
scottr
245 posts

Master Geek

Trusted

  #465036 3-May-2011 22:10
Send private message

They may not be trying to connect to whatever you're doing, but the ip that you're holding. Personally I wouldn't worry about it, you'll get a lot of this connected to the internet. Turn router firewall on and forget.

AviZ

214 posts

Master Geek
Inactive user


  #465038 3-May-2011 22:21
Send private message

the point im making is no matter what ip my router gets it still happens,

its clearly a port scan of some sort from the realms of irc directed at new zealand ip ranges

the point i guess the more it happens the more data gets used and we as customers have to pay for that.

i will install wireshark and turn on dmz and see what it is.

 
 
 
 


michaelmurfy
/dev/null
9633 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #465054 3-May-2011 22:43
Send private message

Don't worry about it, it's normal..

Let's just take a look at the common server, mine for example:


user@sakura:~$ cat /etc/hosts.deny | tail
sshd: 208.43.127.84
sshd: 207.138.211.26
sshd: 69.175.77.158
sshd: 94.76.222.178
sshd: 123.212.43.5
sshd: 121.14.119.135
sshd: 46.45.147.25
sshd: 125.46.92.195
sshd: 123.234.81.45
sshd: 69.197.153.235

That is within a space of about 15mins, I am not worried since I do use a pubkey on my server, but anything on the internet is always being poked / prodded every now and then.

As a example again who these are coming from, 46.45.147.25 is:


person: Osman Emir CERRAHOGLU
address: Kosanbit Telekomunikasyon San. Ve Tic. Ltd. Sti
address: Cevizlik Mah. Beyaz Zambak Sok. 7/3 Bakirkoy / Istanbul
e-mail: emir@kosanbit.com
phone: +90 536 452 24 62
nic-hdl: OEC3-RIPE
mnt-by: KOSANBIT-MNT
remarks: ###################################
remarks: Abuse & intrusion reports should
remarks: be sent to: abuse@kosanbit.com
remarks: ###################################
source: RIPE # Filtered

As you can see, this is overseas, most likely a infected computer on the internet being controlled by a botnet looking for servers to exploit. From the logs too I can see this IP tried the username root + password root first, then root + password second, then got blacklisted.

This is how firewalls work, if you see a intrusion log that's a good thing, take off your tinfoil hat and continue on with life, it's easier that way :)




AviZ

214 posts

Master Geek
Inactive user


  #465066 3-May-2011 23:21
Send private message

yes in my hosts.deny via denyhosts i have

13749 lines

and thats my dedicated server in the states

AviZ

214 posts

Master Geek
Inactive user


  #465078 4-May-2011 00:00
Send private message

ok the news is and its just not my line

all these ips are scanning common ports such as netbios and ms-msql etc

however the data may seem small but over a period of time it all adds up.

what can anyone do about it?

nothing, unless snap block the ips

so at the end of the day many others are in the same boat as i am.

muppet
2295 posts

Uber Geek

Trusted

  #465103 4-May-2011 06:55
Send private message

Some ISP's filter the more prolific crap, some don't. I wouldn't worry about it.

The server I have online gets hits 24/7 with SSH requests, bogus web requests, ping scans etc etc.

It's tempting I know to think that somehow you're being targetted as an individiual, but you're not. What you're seeing is commonly called Internet Background Radiation.

A very clever bloke by the name of Dean Pemberton gave a talk about it at NZNOG a few years back, you can read the pdf here if you'd like though it's just the slides that went along with the presentation.

Some ranges get targetted more than others. It might depend on how long that Internet range has been in the global routing table, there's tons of reasons.

Basically: Don't worry about it. This is why everyone's always on about keeping your machine up to date etc.




I hate you.


Beccara
1286 posts

Uber Geek


  #465118 4-May-2011 08:27
Send private message

Welcome to the internet, This is completely normal and looks to be SYN packets trying to open a connection. If memory serves me well before my morning coffee you need about 20,000 of these packets to total 1 megabyte of traffic. It's not burning your cap or anything major.

Turn off the alerts and relax




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

 
 
 
 


scottr
245 posts

Master Geek

Trusted

  #465182 4-May-2011 10:23
Send private message

Trying to stop those would be like trying to stop road noise from the motorway, or filter dust particles out of the air when you're walking outside.

The data used will be so small it's not even funny, adobe flash player probably uses more just to check whether or not it's up to date.

Everyone's in the same boat, it's what happens when you're on the internet. As someone said, turn off the alerts, keep everything up to date and relax.

1080p
1332 posts

Uber Geek
Inactive user


  #465186 4-May-2011 10:24
Send private message

http://ip-db.com/72.20.40.51

Looks like an open proxy scanner for the IRC network at http://p2p-network.net/

There is a very good reason to stay away from anything hosted by Staminus Communications if at all possible; perhaps find a new IRC network?

AviZ

214 posts

Master Geek
Inactive user


  #465190 4-May-2011 10:32
Send private message

i dont goto p2p, i run my own dedicated server for irc, web hosting

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic





News »

Vodafone enables 5G roaming - for when international travel comes
Posted 30-Oct-2020 15:03


Spark awards funding to Kiwi businesses in 5G funding initiative
Posted 30-Oct-2020 14:58


Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.