On Wed, Feb 26, 2020 at 08:49:28AM +0100, Klaus Singvogel wrote:
> deloptes wrote:
> > +1 :( and I am not using standard port 22, so they scanned all 30000 ports
> > and found out what is open (well filtered) and now are trying to do brute
> > force on SSH. Others are trying to exploit apache/php & Co.
>
> I'm using portsentry against this:
> https://packages.debian.org/buster/portsentry
>
> Let it sniff on some unused ports, like 445, 69, 8181, 5353, or 22. :-)
>
> https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
>
> But beware to have a whitelisted IP address active. I locked myself out,
> after switching to a different computer, like a freshly installed Linux. :-)

"fwknop" is another tool to consider if you don't like getting scanned.

Regards,
Didar

>
> Regards,
> Klaus.
> --
> Klaus Singvogel
> GnuPG-Key-ID: 1024R/5068792D 1994-06-27

--
Basic Definitions of Science:
If it's green or wiggles, it's biology.
If it stinks, it's chemistry.
If it doesn't work, it's physics.
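
Added example, not part of the thread and not portsentry's own code: a pre-flight check for the lock-out described above, run from the SSH session before blocking is switched on. It assumes an ignore file with one address or address/prefix per line and '#' comments; the function names and sample addresses are constructed, and the file path is supplied by the user.

```python
import ipaddress
import os
import sys

# Constructed sample (documentation address ranges). Assumed format:
# one address or address/prefix per line, '#' starts a comment.
SAMPLE_IGNORE = """\
# loopback
127.0.0.1/32
# admin workstation and office network
192.0.2.10
198.51.100.0/24
not-an-address
"""

def parse_ignore(text):
    """Return (networks, rejected_lines) from ignore-file text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # surface typos instead of hiding them
    return nets, rejected

def is_allowlisted(client_ip, text):
    """True if client_ip falls inside any listed address or network."""
    addr = ipaddress.ip_address(client_ip)
    nets, _ = parse_ignore(text)
    return any(addr.version == n.version and addr in n for n in nets)

def preflight(ssh_client, text):
    """ssh_client is the value of $SSH_CLIENT: 'client_ip client_port server_port'."""
    fields = ssh_client.split()
    if not fields:
        return False, "not an SSH session; nothing to check"
    ip = fields[0]
    if is_allowlisted(ip, text):
        return True, f"{ip} is allowlisted"
    return False, f"{ip} is NOT allowlisted; add it before enabling blocking"

if __name__ == "__main__":
    # Usage: python3 preflight.py <path-to-ignore-file>
    with open(sys.argv[1]) as fh:
        ok, msg = preflight(os.environ.get("SSH_CLIENT", ""), fh.read())
    print(msg)
    sys.exit(0 if ok else 1)
```

A non-zero exit status means the address you are currently connected from is not covered, which is the situation that leads to the lock-out.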