
iptables log random access attempts to my server. why?



hi all,

recently, i installed a new server in a server farm, but since it
isn't ready for production yet, it's only running ssh, everything else
is turned off and blocked with iptables en plus. the ip address is new
and unknown [1] since i haven't published it yet.

i get connection attempts every 10 minutes or so by random IP
addresses (i.e. ones that i wouldn't have anything to do with),
iptables log them as

Aug  5 10:37:26 mymachine kernel: IN=eth0 OUT=
  MAC=00:20:78:10:82:fd:00:d0:d3:a5:6e:d9:08:00 SRC=195.240.140.98
  DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x40 TTL=106 ID=9330 DF
  PROTO=TCP SPT=4623 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

the primary candidates for connection attempts so far have been to
ports 21/tcp(ftp), 53/tcp(dns), 80/tcp(http), 111/tcp(sunrpc),
515/tcp(lpd), and an occasional attempt to 79/tcp(finger),
25/tcp(smtp), and 43/tcp(whois).

in only one night, there have been 355 such packets logged, 133
distinct source IP addresses total, most of them going for port 80.

primary "offenders" are:
  adsl-62077.turboline.skynet.be (217.136.114.125)
  adsl-65-69-153-115.dsl.rcsntx.swbell.net (65.69.153.115)
  cs6668172-6.austin.rr.com (66.68.172.6)
  [...]

  and many other such dialin/adsl addresses

this is just weird, and it's messing with logcheck -- i don't quite
want to disable these messages until i know why and what they are.
however, they are getting on my nerves.

do you have any idea why this could be?

*** please CC me on a response!

[1] yes, i know, obscurity is not security, and it's easy to discover
    new machines, but i haven't been scanned yet or anything...

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
-- 
"when I was a boy I was told
 that anybody could become president.
 now i'm beginning to believe it."
                                                    -- clarence darrow
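
One way to tally entries like the one quoted in the message by destination port and source address, so the spread of probes is visible at a glance. This is an added example, not part of the original message; the sample log lines and their addresses (documentation ranges) are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the post (wrapped continuation
# lines included); addresses are from documentation ranges, not real hosts.
SAMPLE = """\
Aug  5 10:37:26 mymachine kernel: IN=eth0 OUT=
  MAC=00:20:78:10:82:fd:00:d0:d3:a5:6e:d9:08:00 SRC=192.0.2.10
  DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x40 TTL=106 ID=9330 DF
  PROTO=TCP SPT=4623 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Aug  5 10:41:02 mymachine kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=3301 DPT=80 WINDOW=16384 SYN URGP=0
Aug  5 10:52:40 mymachine kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=1042 DPT=21 WINDOW=5840 SYN URGP=0
Aug  5 10:53:11 mymachine sshd[412]: Accepted publickey for root
"""

# KEY=VALUE pairs; the value may be empty (OUT=) and bare flags (SYN, DF) are skipped.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def unwrap(text):
    """Join indented continuation lines back onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()
        elif line.strip():
            entries.append(line.rstrip())
    return entries

def parse(entry):
    """Return the KEY=VALUE fields of a netfilter LOG entry, or None."""
    if "kernel:" not in entry or "SRC=" not in entry:
        return None  # not a packet log line (e.g. sshd, cron)
    return dict(FIELD.findall(entry.split("kernel:", 1)[1]))

def summarize(text):
    """Tally logged packets per (proto, dest port) and per source address."""
    ports, sources = Counter(), Counter()
    for f in filter(None, map(parse, unwrap(text))):
        ports[(f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
        sources[f["SRC"]] += 1
    return {"packets": sum(sources.values()), "distinct_sources": len(sources),
            "ports": ports, "sources": sources}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["packets"], "packets from", s["distinct_sources"], "sources")
    for (proto, port), n in s["ports"].most_common():
        print(f"{n:5d}  {port}/{proto.lower()}")
```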


