I was looking through my security logs on one of the old decommissioned routers I used to route potentially dangerous internet traffic, the security settings for this router were either On or Off, no customisation whatsoever.....
So upon looking through the security log I noticed that we were continually getting port scanned from the big internet cloud...so I thought it might be worth investigating this information to see what type of attacks we were getting...so if firewall security does not interest you then ignore this post...
I am sure this is quite standard for people to port probe with utilities like Superscanner that allow you to enter either an IP address or hostname and you will get a report on all open ports....but how often these are run on IP addresses could cause concern if you are not experienced...
The chart is as follows for these attacks..
The IP Addresses
IP : 220.231.17.2 in China, Beijing
IP : 81.11.204.12 in Brussels, Europe
IP : 222.93.132.122 in China, Beijing
IP : 194.73.107.250 United Kingdom, Solihull
The TCP Ports
sshd attacked 341 times
ident attacked 78 times
sftp attacked 44 times
UUCP Path attacked 24 times
SQL Server attacked 35 times
NNTP attacked 34 times
NETBIOS Name Service attacked 158 times
NETBIOS Session Manager attacked 198 times
A few pointers to people trying to find exploits, if your software reports a connection Closed or Stealthed then do not try again and again, the port will not open magically.....also I have never run any NNTP or SQL Server services since I have started personal web hosting, so please stop scanning just in case.....also if I had these services enabled then ISA2006 would stop any hacks to my internal boxes (that is after you get through a dedicated firewall and security router)
If your IP is logged as port scanning then your IP will be blocked at first entry point from the internet therefore you will be unable to access this blog or any other services offered by myself.....once you're on this list you are not coming off.....so if this site stops loading all of a sudden and you get a Forbidden error then you're blocked.....sorry, preventative security rulez!
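An added example, not part of the original post or the router's own software: one way to produce the per-service tally above from a drop log and to pick out sources that probe several different closed ports. The log format, the sample lines (documentation-range addresses), the port-to-service mapping and the `min_ports` threshold are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed mapping from TCP port to the service names used in the post
# (IANA well-known numbers); the post itself lists only the names.
SERVICES = {22: "sshd", 113: "ident", 115: "sftp", 117: "UUCP Path",
            119: "NNTP", 137: "NETBIOS Name Service",
            139: "NETBIOS Session Manager", 1433: "SQL Server"}

# Constructed format: "<timestamp> DROP TCP <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(r"^\S+ DROP TCP (\d+\.\d+\.\d+\.\d+):\d+ -> \S+:(\d+)$")

SAMPLE_LOG = """\
2007-01-10T02:14:01 DROP TCP 198.51.100.7:40112 -> 203.0.113.10:22
2007-01-10T02:14:01 DROP TCP 198.51.100.7:40113 -> 203.0.113.10:113
2007-01-10T02:14:02 DROP TCP 198.51.100.7:40114 -> 203.0.113.10:139
2007-01-10T02:14:02 DROP TCP 198.51.100.7:40115 -> 203.0.113.10:1433
2007-01-10T03:30:10 DROP TCP 192.0.2.44:51000 -> 203.0.113.10:22
2007-01-10T03:30:11 DROP TCP 192.0.2.44:51001 -> 203.0.113.10:22
2007-01-10T03:30:12 DROP TCP 192.0.2.44:51002 -> 203.0.113.10:22
2007-01-10T04:00:00 ACCEPT TCP 192.0.2.80:52000 -> 203.0.113.10:80
"""

def tally(log_text):
    """Count dropped TCP probes per service and record ports hit per source."""
    per_service = Counter()
    ports_by_source = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a dropped-TCP record (e.g. ACCEPT lines)
        src, port = m.group(1), int(m.group(2))
        per_service[SERVICES.get(port, f"tcp/{port}")] += 1
        ports_by_source[src].add(port)
    return per_service, ports_by_source

def scanners(ports_by_source, min_ports=3):
    """Sources that probed at least min_ports distinct closed ports."""
    return sorted(s for s, p in ports_by_source.items() if len(p) >= min_ports)

if __name__ == "__main__":
    per_service, by_source = tally(SAMPLE_LOG)
    for name, hits in per_service.most_common():
        print(f"{name} attacked {hits} times")
    print("candidate block list:", scanners(by_source))
```

Counting distinct ports per source separates a sweep across services from repeated hits on one port: the second sample source hits sshd three times and raises the sshd count, but is not flagged as a scanner.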