Re: SFTP question

To: debian-user@lists.debian.org
Subject: Re: SFTP question
From: Sven Hartge <sven@svenhartge.de>
Date: Fri, 26 Dec 2014 11:36:16 +0100
Message-id: <[🔎] ab8m2e95mov8@mids.svenhartge.de>
References: <[🔎] 20141223125228.GA24853@fever.havannah.local> <[🔎] 20141223153258978953850.NoCcsPlease@bob.proulx.com> <[🔎] 20141224070154.GB30814@fever.havannah.local> <[🔎] 549AE75C.6080505@gmail.com> <[🔎] 20141224194803.GA7615@fever.havannah.local> <[🔎] 549B7FA3.2050907@gmail.com> <[🔎] 20141225174728.GA22623@fever.havannah.local>

Danny <mynixmail@gmail.com> wrote:

>> I've seen attacks start within hours of putting a new system on the
>> internet.  I see multiple attacks on my servers every day.

> Makes me wonder how these guys get hold of IP's so quickly ...

With a decent enought connection (about 10GBits) you can scan the entire
reachable Internet withing about 30 Minutes to check for the openess of
one port. (See the programm masscan.)

And there are bots, lots of bots who also tirelessly scan the whole IPv4
range for open SSH-, SMTP-, POP3-, IMAP- and HTTP-Ports.

I for example have blacklisted 116.10.191.0/24 (from the Chinanet AS)
because for at least the last 7 years there have nothing but port scans
been comming from that network.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Reply to:

References:
- SFTP question
  - From: Danny <dannydebont@gmail.com>
- Re: SFTP question
  - From: Bob Proulx <bob@proulx.com>
- Re: SFTP question
  - From: Danny <mynixmail@gmail.com>
- Re: SFTP question
  - From: Jerry Stuckle <stucklejerry@gmail.com>
- Re: SFTP question
  - From: Danny <mynixmail@gmail.com>
- Re: SFTP question
  - From: Jerry Stuckle <stucklejerry@gmail.com>
- Re: SFTP question
  - From: Danny <mynixmail@gmail.com>

Prev by Date: Re: SFTP question
Next by Date: Prezado usuário
Previous by thread: Re: SFTP question
Next by thread: Re: SFTP question
Index(es):
- Date
- Thread