[BlueOnyx:12789] Re: DNS attack profile
Steven Howes
steve-lists at geekinter.net
Tue Apr 9 09:14:29 -05 2013
On 9 Apr 2013, at 14:36, Dr. Blunt wrote:
> I had this on just ONE of my servers last night
>
> --------------------- iptables firewall Begin ------------------------
> Logged 54220 packets on interface eth0
> From 46.21.161.37 - 45 packets to tcp(22)
> From 50.30.35.41 - 90 packets to tcp(22)
> From 58.30.229.98 - 45 packets to tcp(22)
> From 58.225.75.228 - 45 packets to tcp(22)
> From 75.99.120.194 - 17978 packets to tcp(25)
> From 78.60.146.192 - 45 packets to tcp(22)
> From 93.115.175.105 - 17982 packets to tcp(25)
> From 114.80.125.211 - 17685 packets to tcp(25)
> From 115.238.101.39 - 45 packets to tcp(22)
> From 188.241.179.171 - 45 packets to tcp(22)
> From 202.136.60.142 - 45 packets to tcp(22)
> From 202.171.42.162 - 34 packets to tcp(25)
> From 203.114.114.181 - 1 packet to tcp(22)
> From 210.15.239.58 - 90 packets to tcp(25)
> From 222.73.219.164 - 45 packets to tcp(22)
> ---------------------- iptables firewall End -------------------------
None of that is DNS though. SSH/SMTP brute forces are sadly commonplace - but relatively easy to defend against with the usual tools.
S
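
The triage described in the reply above, as an added example that is not part of the original thread: it tallies a firewall summary in the quoted format by destination port and checks whether DNS (port 53) was hit at all. The sample report is constructed with RFC 5737 documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the summary format quoted above; addresses are
# RFC 5737 documentation ranges, not the ones from the post.
SAMPLE = """\
Logged 18116 packets on interface eth0
From 192.0.2.10 - 45 packets to tcp(22)
From 198.51.100.7 - 17978 packets to tcp(25)
From 203.0.113.5 - 1 packet to tcp(22)
From 203.0.113.9 - 90 packets to tcp(25)
From 198.51.100.23 - 2 packets to udp(53)
"""

LINE = re.compile(r"From (\S+) - (\d+) packets? to (tcp|udp)\((\d+)\)")
SERVICES = {22: "ssh", 25: "smtp", 53: "dns"}  # only the ports this thread mentions


def summarize(report):
    """Return {(proto, port): {"packets": int, "sources": set}} for a report."""
    totals = defaultdict(lambda: {"packets": 0, "sources": set()})
    for raw in report.splitlines():
        # search() rather than match() so "> "-quoted lines still parse.
        m = LINE.search(raw)
        if not m:
            continue  # banner, "Logged N packets" header, blank lines
        src, count, proto, port = m.groups()
        entry = totals[(proto, int(port))]
        entry["packets"] += int(count)
        entry["sources"].add(src)
    return dict(totals)


def touches_service(summary, port):
    """True if any logged packets targeted the given destination port."""
    return any(p == port for (_, p) in summary)


if __name__ == "__main__":
    s = summarize(SAMPLE)
    for (proto, port), e in sorted(s.items(), key=lambda kv: -kv[1]["packets"]):
        name = SERVICES.get(port, "?")
        print(f"{proto}/{port} ({name}): {e['packets']} packets "
              f"from {len(e['sources'])} sources")
    print("DNS traffic logged:", touches_service(s, 53))
```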