| Linode Forum https://forum.linode.com/ |
|
| Anyone else getting this type of traffic? https://forum.linode.com/viewtopic.php?f=19&t=5278 |
Page 1 of 1 |
| Author: | jakub [ Sat Mar 06, 2010 8:47 pm ] |
| Post subject: | Anyone else getting this type of traffic? |
I'm a new Linode user. And after securing my Linode and adding some LOGANDDROP settings into my iptables, I began getting my logs filled up with this crud: (my MAC + IP censored)

Code:
Mar 7 00:24:06 localhost kernel: Denied TCP: IN=eth0 OUT= MAC=fe:fd:45:a4:d1:49:00:00:00:00:00:00:00:00 SRC=217.66.27.184 DST=69.164.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=62184 DF PROTO=TCP SPT=59710 DPT=11370 WINDOW=5808 RES=0x00 SYN URGP=0

It keeps repeating from some Russian IP: 217.66.27.184 and keeps going steady since I set up my Linode. My logs are just slowly filling up with this repeated 'ping' always on port 11370.

I did some research and found this info: http://www.keysigning.org/sks/ -which seems to use port 11370 & 11371

Could that be the service they are scanning for (I don't run it)?

ISC shows this: http://isc.incidents.org/port.html?port=11370

Thoughts? Is anyone else getting this? |
|
| Author: | arjones85 [ Sun Mar 07, 2010 1:56 am ] |
| Post subject: | |
Just block the IP in iptables.... |
|
| Author: | jakub [ Sun Mar 07, 2010 2:38 pm ] |
| Post subject: | |
arjones85 wrote: Just block the IP in iptables....
... thanks, my question was more aimed at whether others were getting this traffic to their boxes. |
|
| Author: | pclissold [ Sun Mar 07, 2010 2:55 pm ] |
| Post subject: | |
Any host with a public IP gets this kind of crap. |
|
| Author: | jed [ Sun Mar 07, 2010 3:40 pm ] |
| Post subject: | |
For the record, if you want to sanitize your hardware address in the future -- although I'm not sure why you'd want to, you are connected to the Internet after all -- you missed it. It starts with FE:FD, and also divulges your public IP address. I'm reluctant to edit it for you, but if you're genuinely concerned about your privacy (again, not sure why), you may want to edit that portion out. |
|
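The point jed raises above, as an added example that is not part of the thread: a field-aware redaction of a netfilter LOG line, plus a check that catches a hand edit which masks DST but leaves the same address readable inside MAC=. The sample line, its documentation-range addresses and all function names are constructed for illustration, and the layout in which the octets after fe:fd spell the IPv4 address in hex is an assumption taken from the visible part of the posted line (0x45 0xa4 = 69.164).

```python
import re

# Constructed sample in the format of the line posted in the thread. A netfilter
# LOG MAC= value is destination MAC, source MAC, then EtherType. The destination
# MAC here is built (assumption) so the octets after fe:fd spell DST in hex.
SAMPLE = ("Mar  7 00:24:06 localhost kernel: Denied TCP: IN=eth0 OUT= "
          "MAC=fe:fd:cb:00:71:0a:00:16:3e:00:00:01:08:00 SRC=198.51.100.7 "
          "DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=62184 DF "
          "PROTO=TCP SPT=59710 DPT=11370 WINDOW=5808 RES=0x00 SYN URGP=0")

# A hand edit in the style used in the thread: half of DST masked, MAC tail zeroed.
PARTIAL = (SAMPLE.replace("DST=203.0.113.10", "DST=203.0.X.X")
                 .replace("00:16:3e:00:00:01:08:00", "00:00:00:00:00:00:00:00"))

def fields(line):
    """Return the KEY=value pairs of a LOG line as a dict (flags are skipped)."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def ip_in_mac(mac, ip):
    """True if four consecutive MAC octets equal the IPv4 address in hex."""
    octets = [o.lower() for o in mac.split(":")]
    want = ["%02x" % int(part) for part in ip.split(".")]
    return any(octets[i:i + 4] == want for i in range(len(octets) - 3))

def sanitize(line):
    """Replace the whole MAC= and DST= values; SRC, ports and flags are kept."""
    return re.sub(r"\b(MAC|DST)=\S*", lambda m: m.group(1) + "=REDACTED", line)

def leaks(original, candidate):
    """List the ways a candidate redaction still identifies the logging host."""
    dst = fields(original)["DST"]
    found = []
    if dst in candidate:
        found.append("DST address")
    if ip_in_mac(fields(candidate).get("MAC", ""), dst):
        found.append("address inside MAC")
    return found

if __name__ == "__main__":
    print("hand edit still leaks:", leaks(SAMPLE, PARTIAL))
    print("field redaction leaks:", leaks(SAMPLE, sanitize(SAMPLE)))
    print(sanitize(SAMPLE))
```
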
| Author: | jakub [ Mon Mar 08, 2010 10:16 am ] |
| Post subject: | |
jed wrote: For the record, if you want to sanitize your hardware address in the future -- although I'm not sure why you'd want to, you are connected to the Internet after all -- you missed it. It starts with FE:FD, and also divulges your public IP address. I'm reluctant to edit it for you, but if you're genuinely concerned about your privacy (again, not sure why), you may want to edit that portion out.

Jed, I just did it as a rule of thumb, thanks for the heads up about the MAC 'fe:fd', live and learn. I don't really care about having the IP remain anonymous, but I would rather have it low on the radar if anything. I'm not paranoid, I just have a rule of thumb to not post identifying info when I don't need to.

Also to the rest, I understand I have a public facing machine, I was just curious what this specific traffic was to that one port, as I usually see port scans, but not a repeated 'tap-tap-tap' on one port looking for a service. Maybe my IP was recycled from someone running something before me? |
|
| Page 1 of 1 | All times are UTC-04:00 |