Botnets!

Discussion in 'Computer Science & Culture' started by Confused2, Dec 4, 2016.

  1. Confused2 Registered Senior Member

    Messages:
    340
    Log from my router...
    Intrusion attempts every 10 minutes 24/7 from (apparently) random IPs - the ones I've looked at (whois) have been Asian. Presumably trying a random login until they succeed.
    Is anyone else (everyone?) seeing the same thing?

    Dec 4 12:49:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=124.123.184.107 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42355 PROTO=TCP SPT=1174 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
    Dec 4 12:59:58 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18524 PROTO=TCP SPT=53954 DPT=6773 WINDOW=1024 RES=0x00 SYN URGP=0
    Dec 4 13:11:07 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=59994 PROTO=TCP SPT=53954 DPT=5556 WINDOW=1024 RES=0x00 SYN URGP=0
    Dec 4 13:19:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9265 PROTO=TCP SPT=53954 DPT=5472 WINDOW=1024 RES=0x00 SYN URGP=0
    Dec 4 13:29:27 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9440 PROTO=TCP SPT=53954 DPT=9169 WINDOW=1024 RES=0x00 SYN URGP=0
    Dec 4 13:40:14 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=211.117.167.155 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=55420 PROTO=TCP SPT=52343 DPT=23 WINDOW=56935 RES=0x00 SYN URGP=0
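
One way to summarise a log like the one above, as an added example that is not part of the original post: it parses each `Intrusion ->` line and separates a single source walking through many ports from several sources probing the same port (23 is telnet). The sample lines are constructed in the router's format with documentation-range addresses; the function names and the sweep threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same format as the router log above
# (documentation-range addresses, not copied from the post).
SAMPLE_LOG = """\
Dec 4 12:49:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=192.0.2.10 DST=192.0.2.200 LEN=40 TTL=241 PROTO=TCP SPT=1174 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 4 12:59:58 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=198.51.100.20 DST=192.0.2.200 LEN=40 TTL=245 PROTO=TCP SPT=53954 DPT=6773 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:11:07 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=198.51.100.20 DST=192.0.2.200 LEN=40 TTL=245 PROTO=TCP SPT=53954 DPT=5556 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:19:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=198.51.100.20 DST=192.0.2.200 LEN=40 TTL=245 PROTO=TCP SPT=53954 DPT=5472 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:29:27 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=198.51.100.20 DST=192.0.2.200 LEN=40 TTL=245 PROTO=TCP SPT=53954 DPT=9169 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:40:14 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.200 LEN=40 TTL=53 PROTO=TCP SPT=52343 DPT=23 WINDOW=56935 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=, MAC=)

def parse_line(line):
    """Return the KEY=value fields and bare TCP flags of one log line, or None."""
    if "Intrusion ->" not in line:
        return None
    body = line.split("Intrusion ->", 1)[1]
    fields = dict(FIELD.findall(body))
    # Tokens without '=' are the TCP flags the firewall logged (SYN, ACK, ...).
    fields["FLAGS"] = [tok for tok in body.split() if "=" not in tok]
    return fields

def summarize(log_text, sweep_threshold=3):
    """Group blocked inbound TCP SYNs by source and by destination port."""
    ports_by_src = defaultdict(set)
    srcs_by_port = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("PROTO") != "TCP" or "SYN" not in f["FLAGS"]:
            continue
        port = int(f["DPT"])
        ports_by_src[f["SRC"]].add(port)
        srcs_by_port[port].add(f["SRC"])
    # One source trying many different ports: a port sweep from a single host.
    sweepers = {s: sorted(p) for s, p in ports_by_src.items() if len(p) >= sweep_threshold}
    # Several unrelated sources hitting the same port: distributed probing of one service.
    shared = {p: sorted(s) for p, s in srcs_by_port.items() if len(s) >= 2}
    return sweepers, shared

if __name__ == "__main__":
    sweepers, shared = summarize(SAMPLE_LOG)
    print("port sweeps:", sweepers)
    print("ports probed by multiple sources:", shared)
```
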
     
  3. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Do you use any torrent software like bittorrent? I would open up a browser and go to your router's setup page and close any open ports, disable remote admin login, and disable reply to ping. Also reset the admin password to something like this:

     
  5. Confused2 Registered Senior Member

    Messages:
    340
    No torrent software - all ports closed - password (fairly) good. Possible ping.

    I'm interested to know if (probably) every IP on the planet is pinged like this every 10 minutes - a considerable waste of bandwidth if it is.
    I'm in the UK and would be interested in security logs from other regions.
     
  7. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    My knowledge is limited on the subject. Hopefully someone with more knowledge will come along. You might consider installing something like ZoneAlarm for added protection.
     
  8. Dr_Toad It's green! Valued Senior Member

    Messages:
    1,735
    My site has been probed by bots heavily for the last couple of days as well.

    It comes and goes: One week nothing, the next, every five minutes...


     
