Re: Connection closed by [IP] port [port] [preauth]

To: deloptes <deloptes@gmail.com>
Cc: debian-user@lists.debian.org
Subject: Re: Connection closed by [IP] port [port] [preauth]
From: Klaus Singvogel <deb-user-ml@singvogel.net>
Date: Wed, 26 Feb 2020 08:49:28 +0100
Message-id: <[🔎] 20200226074928.GA15676@singvogel.net>
In-reply-to: <[🔎] r354kv$2nqb$1@ciao.gmane.io>
References: <[🔎] 20200224203817.GA25895@paros.maison.mrs> <[🔎] cbf5489629c6140176392d38821adf667b70d787.camel@yxit.co.uk> <[🔎] r354kv$2nqb$1@ciao.gmane.io>

deloptes wrote:
> +1 :( and I am not using standard port 22, so they scanned all 30000 ports
> and found out what is open (well filtered) and now are trying to do brute
> force on SSH. Others are trying to exploit apache/php & Co.

I'm using portsentry against this:
https://packages.debian.org/buster/portsentry

Let it sniff on some unused ports, like 445, 69, 8181, 5353, or 22. :-)

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

But beware to have a whitelisted IP address active. I locked myslef out,
after switching to a different computer, like fresh a installed Linux. :-)

Regards,
	Klaus.
-- 
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D  1994-06-27

Reply to:

Follow-Ups:
- Re: Connection closed by [IP] port [port] [preauth]
  - From: Didar Hossain <didar@purlo.in>

References:
- Connection closed by [IP] port [port] [preauth]
  - From: steve <dlist@bluewin.ch>
- Re: Connection closed by [IP] port [port] [preauth]
  - From: Tixy <tixy@yxit.co.uk>
- Re: Connection closed by [IP] port [port] [preauth]
  - From: deloptes <deloptes@gmail.com>

Prev by Date: Re: ifup && iptables error
Next by Date: Re: Understanding the two-year release cycle as a desktop user (and a Debian newcomer)
Previous by thread: Re: Connection closed by [IP] port [port] [preauth]
Next by thread: Re: Connection closed by [IP] port [port] [preauth]
Index(es):
- Date
- Thread