
Re: Connection closed by [IP] port [port] [preauth]



On Wed, Feb 26, 2020 at 08:49:28AM +0100, Klaus Singvogel wrote:
> deloptes wrote:
> > +1 :( and I am not using standard port 22, so they scanned all 30000 ports
> > and found out what is open (well filtered) and now are trying to do brute
> > force on SSH. Others are trying to exploit apache/php & Co.
> 
> I'm using portsentry against this:
> https://packages.debian.org/buster/portsentry
> 
> Let it sniff on some unused ports, like 445, 69, 8181, 5353, or 22. :-)
> 
> https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
> 
> But beware to have a whitelisted IP address active. I locked myself out,
> after switching to a different computer, like a freshly installed Linux. :-)

"fwknop" is another tool to consider if you don't like getting scanned.

Regards,
Didar

> 
> Regards,
> 	Klaus.
> -- 
> Klaus Singvogel
> GnuPG-Key-ID: 1024R/5068792D  1994-06-27
> 

-- 
Basic Definitions of Science:
	If it's green or wiggles, it's biology.
	If it stinks, it's chemistry.
	If it doesn't work, it's physics.

