rich at paranoid.org
Tue Dec 7 23:33:08 UTC 2004
Michael J. Pawlowsky wrote:
> But the stuff coming from China.... Forget it.
> I get attacks like these just about every other day. I maintain servers
> for several networks... And there always seems to be one of them
> somewhere that is getting probed.
Yeah, the question is whether this is just a random scan or someone
actually targeting the machine for some reason. There is a ton of
scanning going on nowadays, it's very common. When a new root
vulnerability surfaces, there are usually scripts written pretty soon
after that scan large netblocks looking for any machine that is vulnerable.
In terms of what you can do, block the address(es) by all means. And
make sure to stay up to date on the available patches/upgrades. The vast
majority of root compromises happen by way of known vulnerabilities.
Also, don't run services you don't need to, and use iptables to restrict
access as mush as possible for any you do need.
More information about the users