Results 1 to 2 of 2

Thread: Korean assault

  1. #1

    Korean assault

    I've noticed many connection attempts from different IPs to ports 22, 21, 53. Today I got more of them than during normal 10 or more days ! This used to be a silent place with only code red and the like knocking at 80. Whois reveals that most offenders are from Korea. There are also ssh attempts from the US, Italy and Poland. There weren't any new security issues with ssh lately, right ? I'm subscribed to bugtraq so I think I'm informed quite well.

    Do you also notice an increase in portscanning activity ? Does anyone know if there's something unusual going on ? I'm not really worried (good firewall rules) but I'd like to know what's up.

  2. #2
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001

    Re: Korean assault

    I think it's mostly is random. I've had times where my box would get attempted more times than the whole month would get then it's all quiet for a while.

    I think what they usually do is they have some scripts do the work for them. If your IP range is in there, you will get lots of hit.

    As long as you are keeping up with security, you should be fine ( mostly ).

Similar Threads

  1. Replies: 13
    Last Post: 04-20-2004, 10:36 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts