> Simple. Random IP-address block scans. Having the box live on the 'net > alone guarantees that it will get some random hits. Prepare to see lot more > of them from here-on. > > Script-kiddies, trying to find suitable hosts for their mass exploitation > tools. Worms, eagerly propagating on their own means; And spammers > (spammerbots?) trying to find open relays they could abuse. > > The only thing you can do is to make damn certain your box does not become > part of the problem.
I know. It is crazzy. I actually would like to see some sort of a better defence than just standing there uselessly. I mean, in real life if a country (community etc..) gets attacked by another, there is usually a "war" and someone is tought a lesson. But here, all we do is sit arround do nothing. I usually get about 20 probes per day for ssh or relay. And for other ports, well, 1808 234K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 over 10 day period. I realize, that's nothing if you are an ISP. LOL, imagine what microsoft.com has to be getting!!! - Adam
