Either the DHS is attacking me, or else they've got compromised computers...
In my logs I see 1147 attempts from 64.69.57.20 to my web server; e.g.
The Nessus proxy check line makes me think this might be a generic scan... but why my machine?
They didn't stop there... I have SSHD running on a non-standard port. If someone attempts to connect too frequently then they get blocked (simple iptables rule). I can see 6 dropped packets from the same SRC=64.69.57.20 to my SSH port.
Didn't stop there, either. DNS attempts?
Looks like also some port scans, 'cos I can see "rsync" (started from xinetd) being woken up (but it rejects them access).
And, from another machine on the same network, SMTP attacks!
(66 attempts against SMTP)
OK, OK, this all looks like an "out of the box" type scan from some misconfigured security tool. But it's funny that it's the DHS!
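One way to test the "generic scan" reading against firewall logs, as an added example that is not from the original post: it groups iptables LOG lines by source /24 and flags networks that probed several distinct services. The log lines, the `SCAN` prefix, the documentation-range addresses and port 2222 standing in for the non-standard SSH port are all constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample in the kernel's iptables LOG format (not the author's logs).
# Addresses are documentation ranges; DPT=2222 stands in for the SSH port.
SAMPLE = """\
Jan 10 03:12:01 host kernel: SCAN IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.5 PROTO=TCP SPT=40112 DPT=2222 SYN
Jan 10 03:12:02 host kernel: SCAN IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.5 PROTO=TCP SPT=40113 DPT=2222 SYN
Jan 10 03:12:09 host kernel: SCAN IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.5 PROTO=UDP SPT=40120 DPT=53
Jan 10 03:12:15 host kernel: SCAN IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.5 PROTO=TCP SPT=40131 DPT=873 SYN
Jan 10 03:13:00 host sshd[311]: Connection closed by remote host
Jan 10 03:14:40 host kernel: SCAN IN=eth0 OUT= SRC=198.51.100.21 DST=192.0.2.5 PROTO=TCP SPT=51000 DPT=25 SYN
Jan 10 04:00:00 host kernel: SCAN IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=33000 DPT=2222 SYN
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def summarize(log_text, prefix_len=24):
    """Group logged packets by source network.

    Returns {network: {"hosts": set, "services": set, "packets": int}}.
    """
    nets = defaultdict(lambda: {"hosts": set(), "services": set(), "packets": 0})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or "DPT" not in fields:
            continue  # unrelated syslog line, or a packet without ports (ICMP)
        net = str(ip_network(f"{fields['SRC']}/{prefix_len}", strict=False))
        entry = nets[net]
        entry["hosts"].add(fields["SRC"])
        entry["services"].add((fields.get("PROTO", "?"), int(fields["DPT"])))
        entry["packets"] += 1
    return dict(nets)


def likely_sweeps(summary, min_services=3):
    """Networks that touched several distinct services, the shape of a generic scan."""
    return sorted(n for n, e in summary.items() if len(e["services"]) >= min_services)


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for net in likely_sweeps(report):
        e = report[net]
        print(net, sorted(e["hosts"]), sorted(e["services"]), e["packets"])
```

Grouping by network rather than by single address is what links probes from a second machine on the same network to the first source.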