Interesting ....
James McDonald
james at jamesmcdonald.id.au
Sat Jul 5 19:34:33 PDT 2008
Bill Campbell wrote:
> On Sat, Jul 05, 2008, Ben Duncan wrote:
>
>> I have telnet and FTP service turned up on this workstation.
>> It is behind a firewall with Port Forwarding and secured with
>> wrappers/chains so ONLY my clients (who have all static IPs)
>> can get in. All things are set up VERY secure and in 10 years
>> on various customer's servers this has yet to be hacked.
>> There are other settings, but I am not gonna give my secrets away.
>>
>> Anyway, I DO monitor logs and have been getting a LOT
>> (hundreds) of hits of IPs trying to get in (with no luck) over the
>> past few days. Mostly telnet, then fall back to ftp.
>>
>> All the dig/nslookup return that the IP Block belongs to
>> Russia and Croatia.
>>
>> Whaddya think? Russian Mafia trying to hack my system?
>>
>
> That sounds right.
>
> I get about 20,000 reports per month from systems we monitor of
> attempts to connect with ssh, ftp, telnet, etc.
>
> You might look at fail2ban, which can automatically block IP
> addresses that make attempts like this.
>
> Bill
>
I deny all traffic to ssh except from addresses I control
(Work/home/mum/brother) so I don't have to worry about all those
dictionary attacks.

The problem with the internet is you can basically iterate through all
IP ranges and, depending on what you do with your script, you can find X
vulnerable hosts. It makes me wonder how the evil script kiddies protect
their prize once it's compromised. Otherwise the hacked host would be
getting snatched by a different botnet controller all the time.