Tea Glorious Tea!
During the last few weeks someone from IP 88.191.127.22 tries to 'poke' thru my system at ports 3xxxx & 5xxxx, once or twice a day.
Is it part of the price to pay for surfing or should I worry ?
I even added, to no avail, this entry to /etc/hosts
127.0.0.1 faraway.pocentek.net
and that haven't stopped him at all.
I have to move all my 'sensitive' offline for now. My firewall is set to Deny In, Deny Out - ports opened only for standard stuff like DNS, HTTP, SMTP, Pop ...
What are you planning?
The hosts file is only local to you and does nothing for someone trying to connect remotely.
As far as finding open ports in 3xxx and 5xxx, Remote desktop runs off port 3389 and VNC runs off 5900 and both of these are used for remote access. If you do not have either of these installed you should be fine.
Is this a desktop or server machine?
Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide
Tomorrow's an illusion and yesterday's a dream, today is a solution...
Ubuntu addict and loving it
If you can alter your iptables rules, just block the host with a rule near the top of the ruleset like this:
Then you'll never have to think about it again until someone tries a new IP address. As Charles says, as long as you don't have open ports with services listening on them, there's nothing he can do except litter your iptables logs with rejections.Code:/sbin/iptables -A INPUT -s 88.191.127.22 -j DENY
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
Tea Glorious Tea!
Resolve Host: Paris, France faraway.pocentek.net (88.191.127.22)
IP: 88.191.127.22, records: 2
medibuntu.org WHOIS
pocentek.net WHOIS
88.191.127.0 - 88.191.127.255
I also agree with the other post in addition you could block the whole range if it continues
iptables -A INPUT -p tcp -m iprange --src-range 88.191.127.0-88.191.127.255 -j DENY
Tea Glorious Tea!
I would also suggest looking at fail2ban which does this for you
http://www.fail2ban.org/wiki/index.php/Main_Page
sudo apt-get update
sudo apt-get install fail2ban
Tea Glorious Tea!
This is my desktop. I don't have these 2 ports opened.Originally Posted by CharlesA
I have seen a few, but the persistence of this guy really amazed me.
Thanks Charles and everybody, I can sleep now.
Has an Ubuntu Drip
I second Fail2Ban.
sig
νόησις νοήσεως - nóesis noéseos
All the suggestions above are valid, but it might be worth investing in an inexpensive home router with a firewall on it too. Since this is a desktop there is likely no reason to expose it to the Internet directly.
Ubuntu addict and loving it
shouldn't be amazed as its probably not a person poking at keyboard, but rather a vulnerability scanner that is poorly configured..
Ubuntu Cappuccino Scuro
OK I have a couple suggestions.
First, fail2ban or similar. Protect your computer from the inside, always.
Second, a cheap appliance router/firewall. Defense in depth, and as long as you're careful they have a huge benefit because they just don't have much on them to exploit, which can be used to attack your network.
Third, something I can't really imagine why somebody else didn't say: Contact your ISP. If you're in the USA, then this sort of thing is illegal and the appropriate people will look into it if somebody complains. I've done it 3 times now over the years with scans that were especially pesky, and they all stopped shortly after they were reported. Whether it happened because my ISP put in a firewall rule of some sort, or somebody got a visit from law enforcement I don't know nor do I care.
I know it sounds ridiculous, you can't police the whole net right? But as in real life, the cops can't come if they don't get a call.
Posting Permissions
Adv Reply
Bookmarks