Should I Be Concerned?


Inked

I have noticed a lot of port scans originating from China. My firewall and such have stopped them; however, the sheer amount of attempts concerns me. Should I even be concerned with this? I read on how to block China's IP range; however, I do not run any form of server (Apache, IIS or anything of the like). I did read that if you run a Linux router you can use iptables to block IP ranges. Has anyone tried blocking different ranges via a Linux router?


You would be surprised how many brute force attempts you can log just by turning on an FTP or SSH service for a day. There are billions of zombie computers that spend all their scripted lives scanning IP ranges, and when they find something interesting, they try to log in. The humorous part is how many of these will try to log into *nix SSH using the username Administrator, Admin, God, Mary, etc.

If you do not have any services running, the best thing to do would be to block/drop incoming connections that are not part of already established sessions (i.e., requested connections, as in a webpage you want to view). Most standard firewalls have this capability, although the language used to describe it will vary.


Your router should already have a setting to drop unsolicited/anonymous connections, i.e., if you didn't initiate the session, and you don't have a service port forwarded to receive the connection on one of your machines, it should ignore it by default. Now, if your router has any known flaws, which some do, then that's another story. Also, if it uses services that allow them to bypass basic security, such as UPnP, SSDP, etc., then turn them off within the router as well as in the OS's services. (If Windows, type services.msc at a run prompt and look for UPnP and SSDP and set them to disabled, then reboot.)

Edited by digip

What type of router are you running? Or, more specifically what type of firmware?

DD-WRT should be able to block ports as well.

Check out this documentation on how to

http://www.dd-wrt.com/wiki/index.php/Port_Blocking

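The two approaches discussed in this thread, dropping inbound connections that are not part of an established session and blocking source ranges with iptables on a Linux router, shown together as an added example that is not from any poster: a shell function that prints an `iptables-restore` ruleset. The WAN interface name `eth0` and the range `203.0.113.0/24` (a documentation range) are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a Linux router.
# WAN_IF (eth0) and any ranges passed in are assumptions, not from the thread.
WAN_IF="${WAN_IF:-eth0}"

# Succeed only if $1 is a well-formed IPv4 CIDR such as 203.0.113.0/24.
is_cidr() {
    case $1 in */*/*|*[!0-9./]*|*./*) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1              # no slash at all
    case $len in ''|*.*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                                 # split address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset. Arguments: optional source ranges to drop on the WAN side.
build_ruleset() {
    for range in "$@"; do                        # validate before emitting anything
        is_cidr "$range" || { echo "bad range: $range" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    # Range drops go first, so they also cut replies to LAN-initiated sessions.
    # With no forwarded ports, the DROP policy alone stops unsolicited traffic.
    for range in "$@"; do
        printf '%s\n' "-A INPUT -i $WAN_IF -s $range -j DROP"
        printf '%s\n' "-A FORWARD -i $WAN_IF -s $range -j DROP"
    done
    # Replies to sessions started from inside are allowed back in...
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # ...as is anything not arriving on the WAN interface (LAN, loopback).
    printf '%s\n' "-A INPUT ! -i $WAN_IF -j ACCEPT"
    printf '%s\n' "-A FORWARD ! -i $WAN_IF -j ACCEPT"
    # Everything else from the WAN falls through to the DROP policy.
    printf '%s\n' 'COMMIT'
}

# Dry-run check on the router (as root), 203.0.113.0/24 being a placeholder:
#   build_ruleset 203.0.113.0/24 | iptables-restore --test
```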
