What's this about?

I get hundreds of port scans from places like China, Bulgaria, Czechoslovakia, Korea, with a few from the US, Australia and Finland every day.

I've only detected intrusion attempts from Tiscali in Italy with Snort.

Do most people get this sort of traffic from Eastern bloc countries?

Or am I targeted?

Christopher Leo Chatfield

We get too much to count. Not hundreds but hundreds of thousands. Per day.

Walter Roberson

Nope. Everyone gets the same crap.

Much of the 'traffic' is harmless, and much of it is not. Hackers constantly are scanning, looking for open machines.

Set up your firewall to block everything. Then start allowing access only to the software you are using that needs access in/out. After that, bar *everything* else. That way you won't see all the crap that constantly tries to access your machine unless you manually go through the "alert" log. This method keeps you from getting aggravated and paranoid. :)

George Orwell

You are either new to the Internet, or you have belatedly discovered what has been happening to the rest of us for years. Hundreds per day? That's pretty minor. Last time I bothered to log the noise, I was seeing around 20000 per day.

What - did someone try to stroke your port 22 with a thousand (or so) attempted logins using dictionary passwords? Your headers say Debian - so figure out where a command line is, and run the command '/bin/netstat -tuan' and see if you need all of those ports open. If you are a home user, there should be NO ports open - or at worst, port 113/tcp if needed by your ISP. If you have decided that you need SSH open, restrict it using your firewall to those addresses (or address blocks) where you have some reasonable expectation that you will actually want to make a connection from.

All the time.

"It's only called paranoid when they AREN'T after you."

"When they _are_ out to get you, always check your paperwork."

The only reason you are receiving attention is that you have something a spammer or skript kiddiez wants - bandwidth. See that you are not offering services to the world. See that your system is kept current. Then stop worrying about non-events.

Old guy

Moe Trin
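The `netstat -tuan` check suggested above, as an added example that is not part of the original thread: a small filter that keeps only the sockets reachable from outside the machine (TCP listeners and unconnected UDP sockets not bound to loopback). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `netstat -tuan` output on
# stdin and prints "proto address port" for every socket that accepts
# traffic from other hosts. Loopback-only listeners are skipped.

exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/              { next }  # header lines
        $1 ~ /^tcp/ && $6 != "LISTEN"   { next }  # established etc.
        $1 ~ /^udp/ && $5 !~ /:\*$/     { next }  # connected UDP socket
        {
            addr = $4
            port = addr
            sub(/.*:/, "", port)                  # text after last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print $1, host, port
        }'
}

# Constructed sample in the format printed by net-tools netstat on Linux.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         203.0.113.5:51234       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
EOF
}

# On a live system: /bin/netstat -tuan | exposed_listeners
sample_netstat | exposed_listeners
```

Every line it prints is a service offered to the network; each one should either be needed and firewalled to known source addresses, or shut off.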

How exactly counted? I mean, when counting the typical 4 simultaneous SYNs on 135/TCP and 445/TCP separately, one can easily get many 10000s. :-)

For the non-obvious and probably even totally unrelated stuff, some hundreds per day are a clearer figure.

Especially with a well-configured Snort.

Gonna add:

- NTP time synchronization
- UDP/30000+ leftovers from Windows' DnsCache service
- purely local stuff, f.e. CUPS and X11

Sebastian Gottschalk
