From Newsgroup: Micronet.MIN_COMP
Hello All,
I was looking at my fail2ban setup tonight and noticed some unusual activity. Lo and behold, the IP is registered to Microsoft. What it's doing scanning my SSH port I don't know but I went looking around on Google and
Are you sure that's just not traffic from their antivirus software calling home or something like that? Do you have a Windows computer?
It's likely a botnet operating on Azure infrastructure.
That too which is why I have been blocking virtual private hosts like crazy lately. It's always chasing my tail though because I'm seemingly always behind.
You'll never be able to 100% block them, but I don't notice them at all with pfSense at the helm.
There's one problematic group called FranTech, with the company registered in Wyoming but with a .ca TLD, that has been causing issues for quite some time.
I am making a dent though because they're showing up less often in my system logs.
I love pfSense. <G>
-- Sean
There's millions of scanners out there, so I just let them scan unless I see them hitting hard and then I put them in my firewall.
pfSense, by default, blocks all unsolicited traffic. These IPs that are showing up are scanning my SSH port.
Why is SSH open to the world? That should be behind OpenVPN?
You use the DNSBL in pfBlockerNG to do this in pfSense.
You CAN block directly via CIDR but you have to make eight separate rules and I do not feel like doing that. <G>
... "Does anyone REALLY read these stupid quotes?" - the SysOp
Why is SSH open to the world? That should be behind OpenVPN?
Because MBSE allows SSH connections, that's why. I have callers that use it.
Why? That's SOO dumb ... people are too much like sheep anymore.
It's a friggin' BBS for God's sake.
Didn't I say we NEVER talk about SSH ... it makes us angry ....
remember? ;)
Why is SSH open to the world? That should be behind OpenVPN?
Because MBSE allows SSH connections, that's why. I have callers that
use it.
... A dog accepts you as boss. A cat wants to see your resume.
Daryl Stout wrote to Sean Dennis:
I set up a special door to advise folks of the ports for SSH and QOTD (Quote Of The Day). Because bots were slamming it, I set the values to non-conventional. Verified Users In Good Standing can get those values from that door...and I've noted where the SSH logon bypasses the
CAPTCHA entry.
I discovered that Spectrum silently blocks port 23 so I have kept the BBS' telnet port on 10123. They also block the QOTD port. I chose to keep the SSH port on 22 but if I moved it elsewhere, I'd have no issues, but I am not letting script kiddies dictate my hobby.
If you take a look at this webpage about blocked ports, you'll notice that Spectrum says nothing about blocking port 23 but they do:
https://www.spectrum.net/support/internet/blocked-ports
I'm on Spectrum and I can open up port 23. I just tested it. It probably depends on the territory they took over. If the old guys did it, they probably do the same.