Well, only looking on what's inside a server is not so bad, but most of the time a "brute force" comes after a "look". If I understand correct, *apnic* is like an asian network center which gives IPs for a very wide region. I agree, blocking China would definitely reduce the "door rattling" by more than 50% (but it would probably take all day to type all ranges), once I tracked many attacker IPs and most of them were from asia, but I found out that they may take over some European servers too, and then use them for scanning, brute forcing. Actually sometimes I get angry at all those spammers, scammers, phishers. Who do they think they are, acting without any morality. On Fri, Feb 1, 2013 at 1:41 AM, geofrey rainey < geofrey.rainey@xxxxxxxxxxxxxxxxxx> wrote: > "Exact" is probably the wrong term, there's a difference between sitting > on one's computer and sending a tcp packet to another computer than > physically going on to one's property with the intention of looking for > entry points. The former is something that I do out of interest, interest > in finding out what a server on a network might be running, improve my > networking skills, and so-forth, it might be, frankly, quite arbitrary > deemed "really bad" by corporates that have left holes that clever crackers > are able to exploit and steal stuff and sure, I am not advocating that and > understand that it is theft and so-forth, but frankly, scanning a host is > hardly a major criminal offence and it's an excessive use of legal power to > assert that it is tantamount to some burglar trying to break in to a > building or something. > > > > On 02/01/2013 11:03 AM, Tom Burke wrote: > >> Unless you have permission, that's exactly what it is. Why else would you >> be rattling their firewall, except to probe their vulnerabilities? >> >> And if you're probing their vulnerabilities without permission, then why >> are you doing it? >> >> IIRC, there is, in fact, legal precedence on this, too. >> >> On a related note, I used to drop *.apnic.* into my filters, and that got >> rid of over 80% of the door rattling. >> >> Of course, it pretty much blocked everyone in China, Japan, New Zealand, >> Australia, and so on.. >> >> On Thu, Jan 31, 2013 at 4:43 PM, geofrey rainey < >> geofrey.rainey@enterpriseit.**co.nz <geofrey.rainey@xxxxxxxxxxxxxxxxxx>> >> wrote: >> >> I just don't think rattling locks and peeking in windows is analogous to >>> sending a few tcp packets to a server on the internet really. >>> >>> On 02/01/2013 01:20 AM, Tom Curl wrote: >>> >>> Unless you have permission from the owner of the server, you should be >>>> banned. Gee, I just think I'll rattle the locks on your doors and peak >>>> through your windows just to see what you are doing Geofrey. >>>> >>>> >>>> >>>> On Thu, 2013-01-31 at 10:13 +1300, geofrey rainey wrote: >>>> >>>> I don't think i'd advise permanently blocking IP's - sometimes I nmap >>>>> an >>>>> IP just because I am interested to see what's running or whatever but >>>>> wouldn't expect to be "banned" for doing this... >>>>> >>>>> >>>>> On 01/30/2013 06:56 PM, AMDPaulius Paulius wrote: >>>>> >>>>> Yeah, even my small home server which is not advertised anywhere gets >>>>>> scanned daily. They are always trying to brute force into FTP, or >>>>>> SSH. I >>>>>> use iptables to block those IPs completely. >>>>>> >>>>>> On Wed, Jan 30, 2013 at 1:46 AM, Florez, Nestor <NFlorez@xxxxxxxxx> >>>>>> wrote: >>>>>> >>>>>> THANKS!!! >>>>>> >>>>>>> Né§t☼r >>>>>>> >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: redhat-list-bounces@xxxxxxxxxx [mailto: >>>>>>> redhat-list-bounces@xxxxxxxxxx****] On Behalf Of m.roth@xxxxxxxxx >>>>>>> Sent: Tuesday, January 29, 2013 2:30 PM >>>>>>> To: General Red Hat Linux discussion list >>>>>>> Subject: RE: Server Probing >>>>>>> >>>>>>> Florez, Nestor wrote: >>>>>>> >>>>>>> [mailto:redhat-list-bounces@****redhat.com <http://redhat.com>< >>>>>>>> redhat-list-**bounces@xxxxxxxxxx <redhat-list-bounces@xxxxxxxxxx>>] >>>>>>>> On Behalf Of Florez, Nestor >>>>>>>> >>>>>>>> I will take a look at fail2ban >>>>>>>> You guys mentioned fail2ban, Does redhat has it available? Where? >>>>>>>> >>>>>>>> epel. >>>>>>> >>>>>>> mark >>>>>>> >>>>>>> -- >>>>>>> redhat-list mailing list >>>>>>> unsubscribe mailto:redhat-list-request@**r**edhat.com<http://redhat.com> >>>>>>> <redhat-list-request@**redhat.com <redhat-list-request@xxxxxxxxxx>> >>>>>>> ?subject=unsubscribe >>>>>>> https://www.redhat.com/****mailman/listinfo/redhat-list<https://www.redhat.com/**mailman/listinfo/redhat-list> >>>>>>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list> >>>>>>> > >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> redhat-list mailing list >>>>>>> unsubscribe mailto:redhat-list-request@**r**edhat.com<http://redhat.com> >>>>>>> <redhat-list-request@**redhat.com <redhat-list-request@xxxxxxxxxx>> >>>>>>> ?subject=unsubscribe >>>>>>> https://www.redhat.com/****mailman/listinfo/redhat-list<https://www.redhat.com/**mailman/listinfo/redhat-list> >>>>>>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list> >>>>>>> > >>>>>>> >>>>>>> -- >>>>>>> >>>>>> redhat-list mailing list >>>>> unsubscribe mailto:redhat-list-request@**r**edhat.com<http://redhat.com> >>>>> <redhat-list-request@**redhat.com <redhat-list-request@xxxxxxxxxx>> >>>>> ?subject=unsubscribe >>>>> https://www.redhat.com/****mailman/listinfo/redhat-list<https://www.redhat.com/**mailman/listinfo/redhat-list> >>>>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list> >>>>> > >>>>> >>>>> >>>> -- >>> redhat-list mailing list >>> unsubscribe mailto:redhat-list-request@**r**edhat.com<http://redhat.com> >>> <redhat-list-request@**redhat.com <redhat-list-request@xxxxxxxxxx>> >>> ?subject=unsubscribe >>> https://www.redhat.com/****mailman/listinfo/redhat-list<https://www.redhat.com/**mailman/listinfo/redhat-list> >>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list> >>> > >>> >> > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@**redhat.com<redhat-list-request@xxxxxxxxxx> > ?subject=unsubscribe > https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list> > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
