Multiple attempts daily on same ports.
-
Re: Multiple attempts daily on same ports.
Are you joking or is that really true? I'm working at becoming compliant but hell, I don't see how a company just starting up could meet the deadline. You should see the stuff that's required. I can copy some of it and post it here if anyone's interested. It's insane.
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
-
Re: Multiple attempts daily on same ports.
I figure we'll become compliant anyways. I mean, what's wrong with being a little more safe or taking proper measures to really tighten down the equipment? No harm in that I guess.
Using Windows 10 Enterprise E3 (CSP). The cloud thing is kinda cool, but if it was Linux, it'd be set up by now! Holy cow, does Microsoft have to make the smallest things overly complicated!
My wife, being a Windows user, seems a bit more comfortable with it than I do and knows her way around a bit more. You figure setting up a conference call should be as easy as sending an e-mail, right? Oh no. You gotta go through all these bells and whistles and then pray to whoever that it actually works. We log into our PCs with our corporate names, just like we would if we were connected to a domain. That connects us to our Microsoft on-line account.
We got control over a lot of stuff. For example, I can turn telemetry off with a click of a button for the entire organization, or I can prevent Skype users from talking to people outside of the organization. I can deploy software to their machines, or remove it, etc. That's kinda nice, but I can do the same stuff on my domain (which runs Linux) just by SSHing in and running a few commands.
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
-
Re: Multiple attempts daily on same ports.
I said that because, apparently, some folks in Europe don't give a dang if Revolutionary War II occurs because of some folks in Europe forcing foreign law on the U.S.! Remember the late-1770s when studying history? A repeat of history could occur again!
ASRock B550 PG Velocita
Ryzen 9 "Vermeer" 5900X
32 GB G.Skill RipJaws V F4-3200C16D-32GVR
Arc A770 16 GB
eVGA Supernova G3 750W
Western Digital Black SN850 1TB NVMe SSD
Alienware AW3423DWF OLED
"I love 'Me Encanta o Enlistarlo con Hilary Farr'!" -Myself
"There's nothing more unattractive than a chick smoking a cigarette" -Topcat
"Today's lesson in pissivity comes in the form of a ziplock baggie full of GPU extension brackets & hardware that for the last ~3 years have been on my bench, always in my way, getting moved around constantly....and yesterday I found myself in need of them....and the bastards are now nowhere to be found! Motherfracker!!" -Topcat
"did I see a chair fly? I think I did! Time for popcorn!" -ratdude747
-
Re: Multiple attempts daily on same ports.
I think it's a good thing. I've had the bank call me one too many times saying a website was compromised and my credit card info was stolen. I use PayPal mainly now.
They're not really doing anything different than our President is doing with the import / export laws. He raises the import taxes and says if you want to do business with us, either pay more money or don't do business.
Europe isn't forcing us to do any business with them, they're just saying if we do, we have to make sure their citizens' data is properly protected. I think it's good in a sense. To us, if we get fined something like 100,000$, that's a lot of money, and would ruin us. But with a company like Microsoft, for instance, that's a little slap on the wrist. 4% isn't though.
I remember when Equifax was hacked. My information was one of the ones that the hackers got. I received free credit monitoring for life, but they made a few mistakes after being hacked. And I think Yahoo took over a year to go public that they were hacked? One of those big companies did. If we all followed some stricter guidelines when it came to stuff like setting up servers that stored credit card numbers, social security numbers, etc, I think the world might be a little bit better of a place.
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
-
Re: Multiple attempts daily on same ports.
No, you don't have to block them, they will block you. Goodbye business. At least it's probably still better than China's policy...
And yes I get my fair share of hack attempts too. Even machines in my public IP subnet I don't have turned on for many days, weeks, months - as soon as I turn them back on, I get attacks.
-
Re: Multiple attempts daily on same ports.
Yeah.
We upgraded cPanel, and all of a sudden, the "attack" stopped. Just like that. But I don't think it was related to the update or anything. I think the people just either gave up or ran out of IP addresses to use. I've never had one attack last this long, but every day, my servers are just like all of yours, and are under constant hacking attempts...
I like the ones where they're trying to brute force my SSH server. They're trying usernames and passwords on port 22, which is closed (my SSH server is on a much higher port), and keyboard authentication is disabled. Can only get in with a private key. But they'll run their attack for a good while, every time they get blocked, it'll come from a new IP address.
I wonder how they do that. Are they using some sort of proxy or do you think they just have control over many different machines around the world?
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
-
Re: Multiple attempts daily on same ports.
+1 f2b
Another option, highly recommended: download the pfSense router and turn on "suricata", an IDS/IPS. It will block those connection attempts at the IP level with rules you can turn on and off. It's a really sweet plugin for pfSense.
-
Things I've fixed: anything from semis to crappy Chinese $2 radios, and now an IoT Dildo....
"Dude, this is Wyoming, i hopped on and sent 'er. No fucking around." -- Me
Excuse me while i do something dangerous
You must have a sad, sad boring life if you hate on people harmlessly enjoying life with an animal costume.
Sometimes you need to break shit to fix it.... That's why my lawnmower doesn't have a deadman switch or engine brake anymore
Follow the white rabbit.
-
-
Re: Multiple attempts daily on same ports.
The problem is it isn't one IP address. It's very many IP addresses. As soon as one got blocked, a new one would start. Now I have most of them blocked I do believe, but I'm occasionally getting an email from my server saying it blocked them again (maybe once every 3 or 4 days).
Sorry for the delay in getting back to everyone. Was very busy, working very hard, configuring various things on my side for our new business. Almost there!
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
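An added example, not from any poster in this thread: a per-IP ban never ends a campaign that rotates source addresses, so this sketch groups dropped connections by destination port and reports ports probed by many sources that each stay under the ban threshold, along with the /24 networks they come from. The netfilter-style log format, the `FW-DROP` prefix, the thresholds and all sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed events (source IP, destination port, attempts); documentation-range IPs.
EVENTS = [
    ("203.0.113.5", 7001, 2), ("203.0.113.9", 7001, 1), ("203.0.113.77", 7001, 2),
    ("192.0.2.14", 7001, 1), ("192.0.2.200", 7001, 1),   # rotating sources, same port
    ("198.51.100.77", 22, 6),                            # one noisy source: per-IP ban handles it
    ("192.0.2.14", 8080, 1), ("203.0.113.5", 8080, 1),
]
# Rendered as netfilter LOG-style lines; the "FW-DROP" prefix is an assumed log prefix.
SAMPLE_LOG = "\n".join(
    f"May 10 03:12:00 host kernel: FW-DROP IN=eth0 SRC={src} DST=198.51.100.10 "
    f"PROTO=TCP SPT=40000 DPT={dpt}"
    for src, dpt, n in EVENTS for _ in range(n)
)
LINE_RE = re.compile(r"SRC=(?P<src>\d+(?:\.\d+){3}) .*?DPT=(?P<dpt>\d+)")


def distributed_probes(log_text, per_ip_ban=3, min_sources=4):
    """Flag ports hit by many sources that each stay at or below the per-IP
    ban threshold, i.e. campaigns that per-IP banning alone never ends."""
    hits = defaultdict(lambda: defaultdict(int))          # port -> source -> attempts
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits[int(m["dpt"])][m["src"]] += 1
    report = {}
    for port, per_src in hits.items():
        quiet = [s for s, n in per_src.items() if n <= per_ip_ban]
        if len(quiet) < min_sources:
            continue
        nets = defaultdict(int)                           # /24 -> number of quiet sources
        for s in quiet:
            nets[str(ip_network(f"{s}/24", strict=False))] += 1
        report[port] = {
            "sources": len(quiet),
            "attempts": sum(per_src[s] for s in quiet),
            "networks": dict(sorted(nets.items(), key=lambda kv: -kv[1])),
        }
    return report


if __name__ == "__main__":
    for port, info in distributed_probes(SAMPLE_LOG).items():
        print(port, info)
```

The networks listed for a flagged port are candidates for a subnet-level or port-level rule rather than more single-address bans.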
-
Re: Multiple attempts daily on same ports.
Do you block ICMP ping requests? I allow them through my firewall. I could whitelist them just for my site I various domains I guess, but I like having it open.
Granted, I guess someone could use them against me as a DDoS attack.
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
-
Re: Multiple attempts daily on same ports.
eccerr0r, the way the article reads, it almost seems like a reverse DNS PTR record is a bad thing. Generally, without one, mail will tend to fail. A lot of mail servers use that to check if it's authentic. Right now, I can only have one and haven't properly finished setting up the DNS server on the new business domains, mainly DMARC.
I've attempted, but when we switched from Office 365 ProPlus to Office 365 Enterprise E3 (with the PSTN license), I think it broke Microsoft's portal and I have to delete the domains and re-add them.
I like how I can hit a button and they'll call me in 5 minutes, 24x7. And even though at night, I get people from Eastern countries, so far, they seem to speak better English than me! They're knowledgeable as well.
Overall, this whole cloud service thing is a nice concept, but just like with any Microsoft product, it's buggier than shit.
Gonna try to see if I can set up an open-source (or free) Linux domain controller that actively supports Microsoft Exchange and Active Directory, so it can sync with their shit, rather than having to log into their domain every time I want to use the PC.
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
-
Re: Multiple attempts daily on same ports.
Looks like the attack might have been from w00tw00t.at.blackhats.romanian.anti-sec.
Now that the attack stopped and I got a chance to set up my mail clients, I see a final message from modesc, showing them trying to access various URLs.
So they were more than likely attempting to use multiple PCs to hack into my server. I noticed eventually, the ports started to change ever so slightly. They'd still try 7001, etc, but then in the end, they'd try a different port.
My hypothesis is they had a multiple list of exploits and with each attempt, they'd try them, and with port 8080 being used by so many programs, perhaps there were more exploits for port 8080 than there were for 7001.
If it were me, which I wouldn't do, obviously, I'd use the first IP to see how many times I could connect before being banned. Then configure my auditing program to do a port scan. Try x amount of ports, where x is the number of times I could connect before being banned, switch IPs, then try another. I'd first build a list of ports. Then I'd try walking the zone.
If there was a webserver, I'd probably explore that a bit. But I definitely wouldn't spend weeks trying to crack a closed port, even if all I had to do was hit a button and stay back. Makes me think this person wasn't so much a hacker as he was a script kiddie.
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
-
Re: Multiple attempts daily on same ports.
Has anyone watched this video yet?
https://youtu.be/U3QXMMV-Srs
I was in the process of locking down our printer, but noticed it only supports RSA2 (2048 bit) and DSA (1024 bit). I contacted Brother because every time I tried uploading my ecdsa-sha2-nistp521 private key, it'd say the key already existed. I reached a call center and what a joke that was! Holy cow! Guy kept on thinking it was a permission issue on the server that was running the SSH / SFTP server. I kept on saying we cannot set up the profile until the key's imported, so the printer doesn't know about any folders yet. He asked to speak to the IT department. I told him I was the IT department.
Finally, he tells me to contact my ISP! I said what? You want me to contact my ISP to have them fix your printer? This is ridiculous! They're just gonna tell me to go to hell and call you guys!
So I wrote to them, expecting a stupid sorry for the inconvenience, try again or something. They had a level 5 tech call me! And I told him what I wanted, and I also said I found some bugs in their firmware on the printer (the web interface, mainly), plus how it wasn't what I considered secure, and how their Linux driver scripts had some issues but I fixed them, and how they should consider setting up some Linux repos so our package managers can automatically update the various packages.
He said he wants me to write it all in an email to him (he sent me his address) and include my changed script, with the documentation on what I changed, and he'll send everything over to the programming department.
I said if they don't implement it, perhaps I could sign an NDA and just get the part of the firmware that deals with the SSH client / server that's built into the printer, and modify it myself, send it back, and have them custom build me an image. He said mention that too and we'll go from there.
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full