Linode Forum
https://forum.linode.com/

133 snort detects 1 day mostly from from Iran
https://forum.linode.com/viewtopic.php?f=19&t=10661		 Page 1 of 1
Author:  jebblue [ Sun Dec 01, 2013 12:53 pm ]
Post subject:  133 snort detects 1 day mostly from from Iran
My snort report this morning showed detections from the IPs listed below, usually I might see a dozen from various places in a night, last night, November 31, 2013, I saw around 130 - from Iran:

Percentage and number of events from a host to a destination
============================================================
% # of from to (redacted)
============================================================
5.04 41 79.127.22.57
2.95 24 111.37.3.37
2.46 20 109.110.177.217
2.21 18 109.125.183.185
2.09 17 2.180.145.58
1.97 16 2.180.139.139
1.97 16 31.56.164.140
1.85 15 2.179.228.208
1.85 15 2.187.228.54
1.60 13 188.253.46.201
1.48 12 212.156.80.138
1.48 12 2.191.230.136
1.35 11 151.233.147.240
1.23 10 109.125.177.169
1.23 10 37.128.245.132
1.23 10 2.181.239.51
1.23 10 5.22.51.21
1.23 10 2.146.58.214
1.11 9 2.187.93.203
1.11 9 188.158.92.188
1.11 9 2.181.174.129
1.11 9 37.254.145.109
1.11 9 151.245.91.99
0.98 8 37.98.30.205
0.98 8 188.253.83.209
0.98 8 37.98.207.94
0.98 8 2.145.161.128
0.98 8 78.39.121.82
0.98 8 89.150.195.2
0.86 7 151.244.154.61
0.86 7 2.186.73.249
0.86 7 151.240.93.92
0.86 7 5.201.235.179
0.86 7 5.239.231.128
0.86 7 188.245.1.24
0.86 7 188.159.38.156
0.86 7 2.180.193.252
0.74 6 188.253.18.80
0.74 6 2.187.11.76
0.74 6 151.245.236.130
0.74 6 5.235.193.10
0.74 6 2.185.37.54
0.74 6 2.186.181.23
0.74 6 182.186.245.72
0.74 6 5.201.194.95
0.74 6 188.159.74.12
0.62 5 95.82.7.66
0.62 5 2.188.195.23
0.62 5 37.255.90.241
0.62 5 109.162.144.20
0.62 5 5.236.168.43
0.62 5 5.236.239.166
0.62 5 2.190.83.146
0.62 5 188.159.66.64
0.62 5 109.125.180.52
0.62 5 80.69.246.146
0.62 5 5.234.65.119
0.62 5 178.131.99.210
0.49 4 2.180.139.242
0.49 4 91.133.199.115
0.49 4 2.187.63.54
0.49 4 151.244.1.14
0.49 4 82.99.234.221
0.49 4 5.250.12.31
0.49 4 2.185.59.250
0.49 4 5.190.67.223
0.49 4 188.136.240.24
0.49 4 85.185.197.215
0.37 3 128.140.32.87
0.37 3 123.151.42.61
0.37 3 151.246.216.155
0.37 3 2.187.40.120
0.37 3 2.185.79.215
0.37 3 78.38.76.214
0.37 3 5.234.117.249
0.37 3 2.184.240.4
0.37 3 151.96.3.246
0.37 3 78.38.154.217
0.37 3 37.254.107.132
0.37 3 5.234.13.182
0.37 3 80.191.211.21
0.37 3 128.9.168.98
0.37 3 188.136.153.188
0.37 3 5.223.248.6
0.37 3 2.191.161.137
0.37 3 151.245.96.232
0.37 3 2.178.134.63
0.37 3 2.147.159.234
0.37 3 176.12.66.115
0.37 3 95.82.68.6
0.37 3 2.191.147.73
0.37 3 2.184.58.127
0.37 3 37.63.162.37
0.37 3 2.180.215.28
0.25 2 222.124.202.162
0.25 2 2.180.45.4
0.25 2 2.176.246.95
0.25 2 151.246.234.166
0.25 2 5.233.57.20
0.25 2 200.91.37.44
0.25 2 2.186.215.119
0.25 2 2.186.30.193
0.25 2 94.28.111.134
0.25 2 46.100.180.155
0.25 2 188.159.45.37
0.25 2 221.238.193.9
0.25 2 2.186.90.212
0.25 2 175.155.14.185
0.25 2 188.159.19.55
0.25 2 37.98.28.89
0.25 2 139.179.40.10
0.25 2 37.63.160.34
0.25 2 125.86.246.128
0.25 2 2.145.21.204
0.25 2 2.186.191.121
0.25 2 124.56.100.36
0.25 2 2.177.202.193
0.25 2 173.220.33.45
0.25 2 188.159.61.247
0.25 2 2.184.47.232
0.25 2 109.203.186.10
0.25 2 58.61.145.73
0.25 2 178.131.124.124
0.25 2 188.158.84.45
0.25 2 151.247.48.102
0.25 2 78.158.168.36
0.25 2 151.241.234.74
0.25 2 86.57.8.75
Author:  vonskippy [ Sun Dec 01, 2013 3:43 pm ]
Post subject:  Re: 133 snort detects 1 day mostly from from Iran
You're not hosting illicit camel porn again are you?
Author:  Guspaz [ Mon Dec 02, 2013 12:42 pm ]
Post subject:  Re: 133 snort detects 1 day mostly from from Iran
Is this causing a performance problem on your server? If not, then it's not important.
Author:  jebblue [ Mon Dec 02, 2013 11:23 pm ]
Post subject:  Re: 133 snort detects 1 day mostly from from Iran
It might not be a problem for you but I've been around for a few years, I thought then and now that it might be an indicator of something worth keeping an eye out for.
Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/