2016-12-25 14:15 GMT+01:00 <[email protected]>:
> On 25 December 2016 13:28:36 EET, "Ionel Mugurel Ciobîcă" <[email protected]> wrote:
> >
> >Merry Christmas, everyone.
> >
> >
> >Can I do anything about these port scans:
> >
> >| root@romania:/etc/yate# zgrep fSrpauxy /var/log/syslog*
> >| /var/log/syslog:Dec 25 07:10:31 romania scanlogd:
> >110.249.212.46:55555 to 192.168.1.3 ports 2455, 771, 8090, 44818, 1911,
> >4911, ..., fSrpauxy, TOS 00, TTL 239 @07:10:31
> >| /var/log/syslog.1:Dec 24 15:26:56 romania scanlogd: 37.48.65.171 to
> >192.168.1.3 ports 80, 443, 81, 82, 83, 84, ..., fSrpauxy, TOS 00, TTL
> >119 @15:26:47
> >| /var/log/syslog.1:Dec 24 22:17:31 romania scanlogd:
> >94.102.56.181:53885 to 192.168.1.3 ports 31443, 34443, 1443, 8443,
> >40443, ..., fSrpauxy, TOS 00, TTL 242 @22:11:57
> >| /var/log/syslog.2.gz:Dec 24 05:18:01 romania scanlogd:
> >222.186.31.200:48408 to 192.168.1.3 ports 4500, 1100, 4600, 1818, 3900,
> >1300, 2700, ..., fSrpauxy, TOS 00 @03:08:17
> >| /var/log/syslog.7.gz:Dec 18 17:54:14 romania scanlogd: 46.38.235.169
> >to 192.168.1.3 ports 80, 8080, 8090, 9090, 8081, 8082, 8083, 8180, ...,
> >fSrpauxy, TOS 00, TTL 52 @17:54:13
> >| /var/log/syslog.7.gz:Dec 18 19:15:29 romania scanlogd: 85.17.15.156
> >to 192.168.1.3 ports 443, 445, 113, 111, 22, 80, ..., fSrpauxy, TOS 00
> >@19:15:29
> >| /var/log/syslog.8.gz:Dec 17 09:08:37 romania scanlogd: 185.40.4.169
> >to 192.168.1.3 ports 4337, 800, 9999, 8383, 9024, 8989, 9091, ...,
> >fSrpauxy, TOS 00, TTL 241 @07:28:30
> >| /var/log/syslog.8.gz:Dec 17 12:23:01 romania scanlogd: 185.40.4.169
> >to 192.168.1.3 ports 9002, 40005, 8086, 91, 4001, 82, 888, 8481, ...,
> >fSrpauxy, TOS 00, TTL 241 @10:25:00
> >| /var/log/syslog.8.gz:Dec 17 23:23:13 romania scanlogd:
> >80.82.65.90:53618 to 192.168.1.3 ports 9097, 9595, 9081, 9179, 9035,
> >9106, ..., fSrpauxy, TOS 00, TTL 247 @23:18:16
> >
> >or shouldn't I be worried?
> >
> >I moved the ssh port from 22 to somewhere higher (a while ago). Is that
> >what they are looking for? Can I stop these scans somehow (if I should
> >be worried)?
> >
> >Thanks,
> > Mugurel
> >_______________________________________________
> >RLUG mailing list
> >[email protected]
> >http://lists.lug.ro/mailman/listinfo/rlug
>
> You can't stop them, because others are doing them. You can, however,
> secure port 22.

http://mikhailian.mova.org/node/147

> Obviously, the ideal would be to allow connections only from known
> addresses. If you can't do that, there is the iptables recent match,
> which is wonderful in this context, or alternatively port knocking.
> Don't move the daemon above port 1024, because you risk running into
> other trouble. If you insist on a port > 1024 being visible from
> outside, do a local redirect with iptables.
>
> And if you want to make life harder for those who scan, set up a
> temporary -j TARPIT or -j DROP as a reaction when they probe you (but
> you have to react during that period, not afterwards ... and take care
> to whitelist known partners so that you don't become the victim of an
> attack with spoofed IPs).
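
For triaging scanlogd output like the excerpt quoted in this thread, here is an added example (not part of the thread and not scanlogd's own code) that groups alerts by source and decodes the flags field. It assumes scanlogd's flag notation (uppercase = bit set in every packet, lowercase = clear in every packet, `?` = varied), under which `fSrpauxy` means a SYN-only scan; the sample lines, the `sensitive` port set and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout seen in the thread's excerpt:
#   scanlogd: SRC[:SPORT] to DST ports P, P, ..., FLAGS, TOS xx[, TTL n] @HH:MM:SS
LINE = re.compile(
    r"scanlogd: (?P<src>[\d.]+)(?::\d+)? to (?P<dst>[\d.]+) "
    r"ports (?P<ports>\d+(?:, \d+)*)(?:, \.\.\.)?, (?P<flags>[A-Za-z?]{8})"
    r"(?:, TOS [0-9a-fA-F]+)?(?:, TTL (?P<ttl>\d+))? @"
)
BITS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "X", "Y")  # order of "fSrpauxy"

def decode_flags(flags):
    """Assumed notation: uppercase = always set, lowercase = always clear, '?' = varied."""
    always = [name for ch, name in zip(flags, BITS) if ch.isupper()]
    varied = [name for ch, name in zip(flags, BITS) if ch == "?"]
    return always, varied

def summarize(lines, sensitive=frozenset({22})):
    """Group scanlogd alerts by source; return (per-source dict, unparsed count)."""
    sources = defaultdict(lambda: {"alerts": 0, "ports": set(), "syn_only": True})
    unparsed = 0
    for line in lines:
        if "scanlogd:" not in line:
            continue
        m = LINE.search(line)
        if not m:
            unparsed += 1  # count alerts we cannot read instead of dropping them
            continue
        s = sources[m["src"]]
        s["alerts"] += 1
        s["ports"].update(int(p) for p in m["ports"].split(", "))
        always, varied = decode_flags(m["flags"])
        s["syn_only"] &= (always == ["SYN"] and not varied)
    for s in sources.values():
        s["hit_sensitive"] = sorted(s["ports"] & sensitive)  # ports you care about
    return dict(sources), unparsed

# Constructed sample lines (documentation addresses), same layout as the excerpt.
SAMPLE = [
    "Dec 24 15:26:56 host scanlogd: 198.51.100.7 to 192.0.2.3 ports 80, 443, 81, 82, ..., fSrpauxy, TOS 00, TTL 119 @15:26:47",
    "Dec 18 19:15:29 host scanlogd: 203.0.113.9 to 192.0.2.3 ports 443, 445, 113, 111, 22, 80, ..., fSrpauxy, TOS 00 @19:15:29",
    "Dec 17 12:23:01 host scanlogd: 198.51.100.7:53618 to 192.0.2.3 ports 9002, 8086, ..., fSrpauxy, TOS 00, TTL 241 @10:25:00",
    "Dec 17 13:00:00 host scanlogd: 203.0.113.9 to 192.0.2.3 ports 21, 23, ..., fS?pauxy, TOS 00 @13:00:00",
    "Dec 17 14:00:00 host scanlogd: truncated line",
]

if __name__ == "__main__":
    report, bad = summarize(SAMPLE)
    print(report, "unparsed:", bad)
```

The listed ports are only the first few of each scan (scanlogd ends the list with `...`), so an empty `hit_sensitive` does not prove a port was left alone.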
