Internet Port Probing Sessions....on a6n.co.uk

I was loking though my security logs on one of the old decomissioned routers I used to route prtentioannly dangerous internet traffic, the security settings for this router were either On or Off, no customisation whatsoever.....
So upon looking though the security log I noticed that we were continually getting port scanned from the big internet cloud...so I thought I might me worth investigating this information to see what type of attacks we were getting...so if firewall security does not intrest you then ignore this post...
I am sure this is quite standard for people to port probe with utilities like Superscanner that allow you to enter either an IP address or hostname and you will get a report on all open ports....but how often these are run on IP addresses could cause concern if you are not experienced...
The chart is as follows for these attacks..

The IP Addresses
IP : 220.231.17.2 in China, Beijing

IP : 81.11.204.12 in Brussels, Europe

IP : 222.93.132.122 in China, Beijing

IP : 194.73.107.250 United Kingdom, Solihull

The TCP Ports
sshd attacked 341 times

iden attacked 78 times

sftp attacked 44 times

UUCP Path attacked 24 times

SQL Server attacked 35 times

NNTP attacked 34 times

NETBIOS Name Service attacked 158 times

NETBIOS Session Manager attacked 198 times

A few pointers to people trying to find exploits, if your software reports a connection Closed or Stealthed then do not try again and again the port will not open magically.....also I have never run any NNTP or SQL Server services since I have started personal web hosting, so please stop scanning just in case.....also if I had these services enabled then ISA2006 would stop any hacks to my internal boxes (that is after you get though a dedicated firewall and security router)
If your IP is logged as port scanning then your IP will be blocked at first entry point from the internet therefore you will be unable access this blog or any other services offered by myself.....once your on this list you are not coming off.....so if this site stops loading all of a sudden and you get a Forbidden error then your blocked.....sorry, preventative security rulez!
Previous Post Next Post

نموذج الاتصال