BGP with only retn or rostelecom peering in europe

Comments

  • tentor Member, Host Rep

    @totally_not_banned said:

    @zGato said:

    @totally_not_banned said:

    @zGato said:
    ICMP echo reply

    That's probably not really distorting the result much. I've hardly ever seen any random ICMP traffic at all. It's rather pretty all an assortment of more or less weird TCP packets.

    But there are still a few of those bots that try to ping the IP before scanning it

    Interesting. I pretty much used to be addicted to traffic dumps and i don't think i've ever seen a single ping (be it request or reply).

    I periodically see multiple echo-requests sent from IP addresses with a relationship to some GeoIP services

    Thanked by 1 totally_not_banned
  • @tentor said:

    @zGato said: Here's a list of countries that I have some logged suspicious activity (1 month): US NL BG IN CN UK HK DE (Using Maxmind DB which is well known to not be accurate)

    As per our statistics:

    • United States, 1978 blocked IP addresses
    • China, 1863
    • United Kingdom, 633
    • Hong Kong, 470
    • South Korea, 459
    • Others, 4838

    However, I am not sure how precise their GeoIP is. There is a list of IP addresses anyway, so you can measure yourself

    I put all these through ipinfo.io (which I consider the most accurate by far)

    China: 24.6%
    United States: 7.2%
    India: 7.1%
    South Korea: 3.9%
    Russia: 3.4%

    https://ipinfo.io/tools/summarize-ips/fae5b45b-aa48-49de-9c3a-d7a6f5f00ef5

    Thanked by 1 tentor
  • alexhost Member, Patron Provider

    Hello,

    We also use RETN in our Moldova location.

    Take a look
    https://bgp.tools/as/200019#connectivity

    For anything, you can contact us; perhaps we can do something for you.
    https://alexhost.com

    Just contact us in any case.
    Alexhost

  • kevinds Member, LIR

    @zGato said:
    All of my VPSs were idling at some point, with port 22 open. I was always greeted with "X number of login attempts were made since X", and yet, none of those VPSs were hosting anything.

    My home router is getting 24/7 attacked by random IPs at all times, to all random ports possible, but I have 0 ports exposed to the internet. I'll add that very few IPs are really from Russia, but most of them are from NL, BG, US, UK, ... (info based on Maxmind which is always inaccurate)

    You were being scanned, and SSH login attempts, that is not DDoS.. That is the normal shit traffic on the internet... I don't even log SSHd anymore.. Only one OS won't allow me to not log it, so on that OS the IP gets on the ACL as soon as it uses a bad username.

    It is bloody annoying but that isn't a DDoS attack..
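
The "bad username goes straight on the ACL" approach mentioned in the post above, as an added example that is not part of the thread or any poster's setup. It assumes OpenSSH's `Invalid user <name> from <ip> port <port>` log line; the function name, allowlist parameter and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumed OpenSSH log shape: "Invalid user <name> from <ip> port <port>".
# <name> is chosen by the client and may itself contain " from 192.0.2.10 port 22",
# so match greedily and anchor on the END of the line to get the real peer address.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+) port \d+\s*$"
)

# Constructed sample lines (documentation address ranges), not taken from the thread.
SAMPLE_LOG = [
    "Jul 12 03:14:07 vps1 sshd[2211]: Invalid user admin from 198.51.100.23 port 40112",
    "Jul 12 03:14:09 vps1 sshd[2213]: Invalid user oracle from 198.51.100.23 port 40120",
    # Username crafted to look like a source address; the real peer is 203.0.113.77.
    "Jul 12 03:15:30 vps1 sshd[2290]: Invalid user x from 192.0.2.10 port 22 from 203.0.113.77 port 51514",
    "Jul 12 03:16:02 vps1 sshd[2301]: Invalid user test from 2001:db8::5 port 33000",
    "Jul 12 03:17:11 vps1 sshd[2310]: Accepted publickey for ops from 192.0.2.50 port 50022 ssh2",
    "Jul 12 03:18:40 vps1 sshd[2320]: Invalid user git from 192.0.2.50 port 50100",
]

def bad_username_sources(lines, allowlist=()):
    """Return sorted source addresses that tried a nonexistent user, minus the allowlist."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    hits = set()
    for line in lines:
        match = INVALID_USER.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # not a literal address: never pass it on to an ACL
        if any(addr.version == net.version and addr in net for net in allowed):
            continue  # e.g. the admin's own management address
        hits.add(addr)
    return sorted(hits, key=lambda a: (a.version, int(a)))

if __name__ == "__main__":
    for addr in bad_username_sources(SAMPLE_LOG, allowlist=["192.0.2.50/32"]):
        print(addr)
```

The third sample line is the case to watch: a parser that takes the first `from <ip>` would put 192.0.2.10 on the ACL instead of the real peer, which lets a remote client choose who gets blocked.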

  • xxsl Member, LIR

    @kevinds said: SSH login attempts

    Set up a honeypot on 22 you could find lots of fun by watching these script kids acting :p

    Thanked by 1 sasslik
  • kevinds Member, LIR
    edited July 2024

    @xxsl said:
    Set up a honeypot on 22 you could find lots of fun by watching these script kids acting :p

    Not really.. It is the same crap every time.. Either connects to a bot-net or starts to transfer all files and then encrypts the server..

    SSHd is secure, so I stopped logging it on most systems..

    Thanked by 1 xxsl
  • kevinds Member, LIR

    Bigger annoyance is the well established companies doing the scanning and 'data mining'...

    Shopify and Wix are very frequently blocked because they scan our IP space..

    Let's Encrypt will not admit it but their 'verification' never passes because their IPs are in our scanners ACL drop list..

    They figure if it is a commonly accessed service, they will be white-listed??

    Mindgeek/Aylo too is another.. Google and Microsoft (both their cloud and non-cloud ranges), plus the known groups like Shodan.io.

    Blocking does work though.. Our IP space on all the databases always comes up empty.

    Thanked by 1 xxsl