
Optics

Members
Posts: 5
Recent Profile Visitors: 2,185 profile views
Optics's Achievements: Newbie (1/14)

  1. @i.have.rewt The only services I have running are Squid(3128), SSH(1337), HTTPS(443), Domain(53), and FTP(21). @digip Thanks for the information. The box shouldn't respond to ping and it won't give them any results for a port scan. So how do they even know anything exists at my IP? Thanks guys, Optics
  2. Hey guys, I've been having attempts every single night from Chinese IPs. Would only be one or two tries. But earlier, I got a bunch from Russian IP addresses. Any idea why I got such an influx of attacks? Anyone else seeing similar attacks? My pfSense box is set not to respond to ping, and all ports appear closed from the WAN side. All attackers get blocked by Snort automatically. Thanks, Optics
     Here's the log:

     [**] [1:2406699:140] ET RBN Known Russian Business Network IP UDP (350) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:17.039841 92.241.185.14:27016 -> 192.168.1.199:13495
     UDP TTL:48 TOS:0x0 ID:30215 IpLen:20 DgmLen:120 DF
     Len: 92
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406699:140] ET RBN Known Russian Business Network IP UDP (350) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:17.039761 92.241.185.14:27016 -> xxx.xxx.xxx.xxx:58769
     UDP TTL:49 TOS:0x0 ID:0 IpLen:20 DgmLen:120 DF
     Len: 92
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406699:140] ET RBN Known Russian Business Network IP UDP (350) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:17.132641 92.241.167.16:27015 -> 192.168.1.199:13495
     UDP TTL:48 TOS:0x0 ID:18702 IpLen:20 DgmLen:126 DF
     Len: 98
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406699:140] ET RBN Known Russian Business Network IP UDP (350) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:17.132529 92.241.167.16:27015 -> xxx.xxx.xxx.xxx:51648
     UDP TTL:49 TOS:0x0 ID:0 IpLen:20 DgmLen:126 DF
     Len: 98
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.114122 92.48.203.27:27015 -> 192.168.1.199:13495
     UDP TTL:113 TOS:0x0 ID:47138 IpLen:20 DgmLen:142
     Len: 114
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.113929 92.48.203.27:27015 -> xxx.xxx.xxx.xxx:53229
     UDP TTL:114 TOS:0x0 ID:26315 IpLen:20 DgmLen:142
     Len: 114
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.132478 92.48.195.206:27016 -> 192.168.1.199:13495
     UDP TTL:114 TOS:0x0 ID:33608 IpLen:20 DgmLen:134
     Len: 106
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.132339 92.48.195.206:27016 -> xxx.xxx.xxx.xxx:52772
     UDP TTL:115 TOS:0x0 ID:3012 IpLen:20 DgmLen:134
     Len: 106
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.162915 92.48.195.68:28099 -> 192.168.1.199:13495
     UDP TTL:113 TOS:0x0 ID:37722 IpLen:20 DgmLen:141 DF
     Len: 113
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.162725 92.48.195.68:28099 -> xxx.xxx.xxx.xxx:63936
     UDP TTL:114 TOS:0x0 ID:27174 IpLen:20 DgmLen:141 DF
     Len: 113
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406707:140] ET RBN Known Russian Business Network IP UDP (354) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.375513 92.62.98.46:27015 -> xxx.xxx.xxx.xxx:61817
     UDP TTL:47 TOS:0x0 ID:0 IpLen:20 DgmLen:133 DF
     Len: 105
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.316675 92.48.195.205:27015 -> 192.168.1.199:13495
     UDP TTL:114 TOS:0x0 ID:789 IpLen:20 DgmLen:133
     Len: 105
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.408724 92.48.195.205:27017 -> xxx.xxx.xxx.xxx:60129
     UDP TTL:115 TOS:0x0 ID:3964 IpLen:20 DgmLen:131
     Len: 103
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.473916 92.48.194.210:27025 -> xxx.xxx.xxx.xxx:53214
     UDP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:153 DF
     Len: 125
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.541733 92.48.203.28:27015 -> 192.168.1.199:13495
     UDP TTL:113 TOS:0x0 ID:49682 IpLen:20 DgmLen:159
     Len: 131
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:18.541637 92.48.203.28:27015 -> xxx.xxx.xxx.xxx:53016
     UDP TTL:114 TOS:0x0 ID:26805 IpLen:20 DgmLen:159
     Len: 131
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [122:22:0] (portscan) UDP Filtered Decoy Portscan [**]
     [Priority: 3]
     07/11-18:52:20.220442 193.192.59.192 -> xxx.xxx.xxx.xxx
     PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:171 DF

     [**] [1:2406045:140] ET RBN Known Russian Business Network IP UDP (23) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:26.737303 195.161.4.58:27015 -> 192.168.1.199:13495
     UDP TTL:50 TOS:0x0 ID:63368 IpLen:20 DgmLen:118 DF
     Len: 90
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406045:140] ET RBN Known Russian Business Network IP UDP (23) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:26.892837 195.161.4.58:2009 -> xxx.xxx.xxx.xxx:50763
     UDP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:122 DF
     Len: 94
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2500075:1581] ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (38) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:30.021197 202.125.47.222:29005 -> xxx.xxx.xxx.xxx:50539
     UDP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:146 DF
     Len: 118
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...ompromisedHosts]

     [**] [1:2406195:140] ET RBN Known Russian Business Network IP UDP (98) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:54.342147 212.77.128.138:27075 -> xxx.xxx.xxx.xxx:62540
     UDP TTL:111 TOS:0x24 ID:27084 IpLen:20 DgmLen:116
     Len: 88
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406195:140] ET RBN Known Russian Business Network IP UDP (98) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:52:54.342220 212.77.128.138:27075 -> 192.168.1.199:13495
     UDP TTL:110 TOS:0x24 ID:4575 IpLen:20 DgmLen:116
     Len: 88
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406707:140] ET RBN Known Russian Business Network IP UDP (354) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:53:24.755909 92.62.98.47:27015 -> 192.168.1.199:13495
     UDP TTL:46 TOS:0x0 ID:26363 IpLen:20 DgmLen:130 DF
     Len: 102
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406707:140] ET RBN Known Russian Business Network IP UDP (354) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:53:24.755702 92.62.98.47:27015 -> xxx.xxx.xxx.xxx:50165
     UDP TTL:47 TOS:0x0 ID:0 IpLen:20 DgmLen:130 DF
     Len: 102
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406707:140] ET RBN Known Russian Business Network IP UDP (354) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:53:24.876024 92.62.98.45:27015 -> 192.168.1.199:13495
     UDP TTL:45 TOS:0x0 ID:34725 IpLen:20 DgmLen:131 DF
     Len: 103
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406707:140] ET RBN Known Russian Business Network IP UDP (354) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:53:24.875969 92.62.98.45:27015 -> xxx.xxx.xxx.xxx:52839
     UDP TTL:46 TOS:0x0 ID:0 IpLen:20 DgmLen:131 DF
     Len: 103
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:53:29.090152 92.48.203.104:27045 -> 192.168.1.199:13495
     UDP TTL:113 TOS:0x0 ID:29159 IpLen:20 DgmLen:149
     Len: 121
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:53:29.090023 92.48.203.104:27045 -> xxx.xxx.xxx.xxx:56649
     UDP TTL:114 TOS:0x0 ID:15024 IpLen:20 DgmLen:149
     Len: 121
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [122:22:0] (portscan) UDP Filtered Decoy Portscan [**]
     [Priority: 3]
     07/11-18:54:11.567580 95.31.2.6 -> xxx.xxx.xxx.xxx
     PROTO:255 TTL:0 TOS:0x0 ID:18756 IpLen:20 DgmLen:174

     [**] [122:22:0] (portscan) UDP Filtered Decoy Portscan [**]
     [Priority: 3]
     07/11-18:55:09.865401 84.38.74.241 -> xxx.xxx.xxx.xxx
     PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:172 DF

     [**] [1:2406255:140] ET RBN Known Russian Business Network IP UDP (128) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:14.606707 217.170.66.68:27015 -> 192.168.1.199:13495
     UDP TTL:114 TOS:0x0 ID:14633 IpLen:20 DgmLen:131
     Len: 103
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406255:140] ET RBN Known Russian Business Network IP UDP (128) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:14.606606 217.170.66.68:27015 -> xxx.xxx.xxx.xxx:53052
     UDP TTL:115 TOS:0x0 ID:9518 IpLen:20 DgmLen:131
     Len: 103
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406563:140] ET RBN Known Russian Business Network IP UDP (282) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:30.581274 80.70.228.80:27016 -> xxx.xxx.xxx.xxx:62116
     UDP TTL:48 TOS:0x0 ID:0 IpLen:20 DgmLen:123 DF
     Len: 95
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406563:140] ET RBN Known Russian Business Network IP UDP (282) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:30.581354 80.70.228.80:27016 -> 192.168.1.199:13495
     UDP TTL:47 TOS:0x0 ID:6071 IpLen:20 DgmLen:123 DF
     Len: 95
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406533:140] ET RBN Known Russian Business Network IP UDP (267) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:40.902023 78.129.142.161:27015 -> xxx.xxx.xxx.xxx:60298
     UDP TTL:49 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF
     Len: 134
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406533:140] ET RBN Known Russian Business Network IP UDP (267) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:40.902130 78.129.142.161:27015 -> 192.168.1.199:13495
     UDP TTL:48 TOS:0x0 ID:34922 IpLen:20 DgmLen:162 DF
     Len: 134
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406533:140] ET RBN Known Russian Business Network IP UDP (267) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:41.096640 78.129.142.183:27015 -> xxx.xxx.xxx.xxx:51910
     UDP TTL:48 TOS:0x0 ID:0 IpLen:20 DgmLen:151 DF
     Len: 123
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406533:140] ET RBN Known Russian Business Network IP UDP (267) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:41.096699 78.129.142.183:27015 -> 192.168.1.199:13495
     UDP TTL:47 TOS:0x0 ID:26735 IpLen:20 DgmLen:151 DF
     Len: 123
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406519:140] ET RBN Known Russian Business Network IP UDP (260) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:53.554627 77.91.226.50:27015 -> xxx.xxx.xxx.xxx:51522
     UDP TTL:49 TOS:0x0 ID:0 IpLen:20 DgmLen:128 DF
     Len: 100
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

     [**] [1:2406519:140] ET RBN Known Russian Business Network IP UDP (260) [**]
     [Classification: Misc Attack] [Priority: 2]
     07/11-18:55:53.554825 77.91.226.50:27015 -> 192.168.1.199:13495
     UDP TTL:48 TOS:0x0 ID:10921 IpLen:20 DgmLen:128 DF
     Len: 100
     [Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]
  3. Happy Birthday from Michigan
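Added example for triaging a Snort log like the one in the second post above; it is editor-written, not code from the poster, pfSense or Snort. It parses Snort's "full" alert format into one record per alert, tallies sources, rules, targets and source ports, pairs each alert seen on the WAN side with its copy seen after NAT on the LAN side (same source, rule and datagram length, TTL one lower after the router decrements it), and flags any record whose Len does not equal DgmLen minus the IP and UDP headers, which is how lines from two alerts that got mixed together in a pasted log give themselves away. The sample records are copied from the post; xxx.xxx.xxx.xxx is the poster's masked WAN address and is treated as a public address. Needs Python 3.8 or later.

```python
import ipaddress
import re
from collections import Counter

# Line shapes of Snort's "full" alert output: header, priority, packet, IP header, payload.
HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
PRIORITY = re.compile(r"\[Priority: (\d+)\]")
PACKET = re.compile(r"^(\d\d/\d\d-[\d:.]+) ([^\s:]+)(?::(\d+))? -> ([^\s:]+)(?::(\d+))?$")
IPHDR = re.compile(r"^(UDP|TCP|ICMP|PROTO:\d+) TTL:(\d+) TOS:\S+ ID:(\d+) IpLen:(\d+) DgmLen:(\d+)")
PAYLOAD = re.compile(r"^Len: (\d+)$")

# Constructed input: four records copied from the post. xxx.xxx.xxx.xxx is the masked
# WAN address, 192.168.1.199 the LAN host the first alert is NAT'd to.
SAMPLE = """\
[**] [1:2406699:140] ET RBN Known Russian Business Network IP UDP (350) [**]
[Classification: Misc Attack] [Priority: 2]
07/11-18:52:17.039841 92.241.185.14:27016 -> 192.168.1.199:13495
UDP TTL:48 TOS:0x0 ID:30215 IpLen:20 DgmLen:120 DF
Len: 92
[Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

[**] [1:2406699:140] ET RBN Known Russian Business Network IP UDP (350) [**]
[Classification: Misc Attack] [Priority: 2]
07/11-18:52:17.039761 92.241.185.14:27016 -> xxx.xxx.xxx.xxx:58769
UDP TTL:49 TOS:0x0 ID:0 IpLen:20 DgmLen:120 DF
Len: 92
[Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

[**] [1:2406701:140] ET RBN Known Russian Business Network IP UDP (351) [**]
[Classification: Misc Attack] [Priority: 2]
07/11-18:52:18.114122 92.48.203.27:27015 -> 192.168.1.199:13495
UDP TTL:113 TOS:0x0 ID:47138 IpLen:20 DgmLen:142
Len: 114
[Xref => http://doc.emergingthreats.net/bin/view/Ma...BusinessNetwork]

[**] [122:22:0] (portscan) UDP Filtered Decoy Portscan [**]
[Priority: 3]
07/11-18:52:20.220442 193.192.59.192 -> xxx.xxx.xxx.xxx
PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:171 DF
"""


def parse_alerts(text):
    """Return one dict per alert; a record starts at a '[**] [gid:sid:rev] msg [**]' line."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            rec = {"gid": int(m[1]), "sid": int(m[2]), "rev": int(m[3]), "msg": m[4]}
            records.append(rec)
        elif rec is None:
            continue
        elif m := PRIORITY.search(line):
            rec["priority"] = int(m[1])
        elif m := PACKET.match(line):
            rec["ts"], rec["src"], rec["dst"] = m[1], m[2], m[4]
            rec["sport"] = int(m[3]) if m[3] else None  # portscan events carry no ports
            rec["dport"] = int(m[5]) if m[5] else None
        elif m := IPHDR.match(line):
            rec["proto"], rec["ttl"], rec["ipid"] = m[1], int(m[2]), int(m[3])
            rec["iplen"], rec["dgmlen"] = int(m[4]), int(m[5])
        elif m := PAYLOAD.match(line):
            rec["len"] = int(m[1])
    return records


def is_private(addr):
    """RFC 1918 and friends; a masked address such as xxx.xxx.xxx.xxx counts as public."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def check_lengths(records):
    """Records whose UDP payload length contradicts the IP header (Len must be DgmLen - IpLen - 8).
    In a pasted log a mismatch usually means lines from two alerts were mixed together."""
    return [r for r in records
            if r.get("proto") == "UDP" and "len" in r and "dgmlen" in r
            and r["len"] != r["dgmlen"] - r["iplen"] - 8]


def nat_pairs(records):
    """(wan_record, lan_record) pairs: same source ip:port, rule and datagram length, public
    destination on the WAN side, private on the LAN side, and the LAN copy's TTL one lower."""
    lan = [r for r in records if is_private(r.get("dst", ""))]
    pairs = []
    for w in records:
        if is_private(w.get("dst", "")):
            continue
        for l in lan:
            same_packet = (l["src"], l["sport"], l["sid"], l.get("dgmlen")) == \
                          (w["src"], w["sport"], w["sid"], w.get("dgmlen"))
            if same_packet and l.get("ttl") == w.get("ttl", 0) - 1:
                pairs.append((w, l))
    return pairs


def summarize(records):
    """The counts a defender looks at first: who sent it, which rule fired, where it landed."""
    return {
        "by_source": Counter(r["src"] for r in records),
        "by_rule": Counter(r["msg"] for r in records),
        "by_target": Counter((r["dst"], r["dport"]) for r in records),
        "by_source_port": Counter(r["sport"] for r in records if r["sport"] is not None),
    }
```

Run over the whole log from the post, `summarize` shows one internal host and one local port (192.168.1.199:13495) receiving nearly every hit, almost all from remote source ports 27015-27017, and `nat_pairs` matches most WAN-side alerts to a LAN-side copy, so each packet was counted twice. A single stable high-numbered local port receiving many packets from one well-known remote port is the usual shape of replies to traffic that host sent out, not of an unsolicited scan, so finding what on that host is bound to the port is the first triage step before reading the source addresses as attackers.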