On 27 Nov 2013, at 02:01, Sampsa Laine <sampsa at mac.com> wrote:
On 26 Nov 2013, at 23:08, Hans Vlems <hvlems at zonnet.nl> wrote:
No, I get telnet attempts from it, es and nl domains lately. I put a text in sys$announce
that tells the, error, user that the system is privately owned, alle access attempts are
logged and monitored and that unauthorized access is not allowed. The attempts are now
down to a couple every 24 hours and no longer every 5 minutes.
Just got an SSH bruteforce attempt from Korea, decided to have a look at the chap's
machine:
nmap -p1-65535 -T5 -sV -oAhax0r -P0 14.63.222.153
The "attack" stopped pretty quickly after that lol.
Mainland China based IP attacked me this morning, stopped after 27 seconds of my nmap
scan.
The scanners don't like to be scanned it seems :)
Might write an automatic ArcSight rule to trigger these..
sampsa