New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
man, drink your coffee
Already did, but what does that have to do with anything?
I'm just trying to set down a baseline for what we are talking about here, since I strongly suspect that what you call "hacking" is just common internet background noise.
Low end stupid humour
SYN packets from the same subnet on random ports, no random noise. Do you think random people connect to random ip addresses and search for random ports which are not the usual ones http/https/imap/dns/etc...? portscan dude
Either they're scanning the entire IP space to develop a Shodan-like platform or you're doing something that interests them.
But unless you share the ranges you're getting scanned by nobody can tell you whether they see similar scanning activity in their own logs, and without knowing your activities it's impossible to say why it's happening.
Sue em.
I know what is happening. I just wanted to know what is the follow up when your services are targeted. Nobody does something here I guess. Fail2ban is not the way to go or to share ip ranges, as its just a simple cat and mouse game. I'd rather stay away from this game at all. I switched to complete lockdown of ports and use only vpn software now. And the cloudflare ip's are whitelisted. Keeping a close on eye on them now...
I do not think anything, that is why I'm asking. You never revealed what kind of connection attempts we are talking about, what ports or at what rate, so to even be able to know what we are talking about I had to ask those questions.
And yes, people do connect to random ports, that is the background noise I was referring to. Random connects happen all the time, that was why I asked about at what rate those connections occur. For some reason you seem very reluctant to share that kind of information so I still have no clue if we are talking about targeted attacks or just noise.
In general, the problem is who is scanning your IP address. If it is done by CERT-BUND (a German governmental security organization) to warn the owner about possible vulnerabilities, then this is one case. If the scanning is done by an anonymous person for an unknown purpose, then this is a completely different case.
definitely be one of those guys sending abuse reports to everybody related to the ips touching you
i was scanning them and boom something for us to read....
I was about to say "just block their ranges" but now it's clear that you actually have multiple different options to block their scanning.
Also I had the questions in mind @rcy026 asked you.
thread can be closed.
Reputable research organizations' subnets will be whitelisted on AbuseIPDB anyway.
Port scanning is neither illegal nor intrinsically malicious. It's often a prelude to malicious actions when it's performed by a malicious actor, but chances are, you're being scanned by a fully legitimate research organization and they are not going to do anything to harm you. They're collecting non-private data.
The one and only reason that port scanning is often verboten among hosting providers is that people so often associate it with malicious activity that they report it and their IPs get added to blacklists which makes the (already expensive) IPv4 space harder to sell. Not because it's illegal.
If this really worries you, most of these research organizations allow you to opt out of future scanning. If not: