I've started to see lots of IP addresses that scan lots of ports trying to find something to get into, and instead of going through the logs every day doing this manually, is there something that can do this?
I'll show you what I mean:
From 70.173.72.49 - 568 packets to tcp(1054,1079,1210,1213,1215,1217,1222,1224,1227,1228,1232,1240,1241,1248,1259,1262,1277,1278,1279,1280,1285,1290,1293,1297,1298,1299,1300,1304,1305,1307,1310,1311,1313,1314,1316,1317,1318,1321,1323,1326,1328,1331,1333,1334,1336,1340,1343,1344,1347,1348,1353,1354,1357,1358,1452,1537,1540,1541,1546,1547,1550,1551,1552,1553,1555,1565,1566,1567,1568,1571,1572,1575,1577,1578,1580,1581,1583,1584,1586,1589,1591,1592,1593,1594,1595,1596,1598,1600,1602,1603,1604,1606,1609,1611,1612,1613,1615,1616,1617,1621,1628,1637,1639,1648,1656,1659,1660,1686,1728,1792,1887,1891,1957,2030,2172,2248,2336,2492,2670,2743,2793,2825,2962,2972,2992,2996,3042,3145,3167,3268,3445,3518,3594,3682,3802,3824,3851,3858,3899,3941,4181,4351,4574,4629,4694,4821,20355)
and I've seen lots and lots of these, even worse, the last couple of weeks and right now I just add a:
iptables -t filter -A INPUT -i eth0 -s x.x.x.x -j DROP
into my iptables script but it's getting too much work doing this.
The log size has increased three times in size from like 4-6 weeks ago.
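
One way to automate the manual step described in the post above, as an added example that is not part of the original post: it parses log summary lines in the format shown, flags sources that probed many distinct ports, and builds the same kind of DROP rule. The function names, the 20-port threshold, the allowlist and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Summary format from the post: From <ip> - <n> packets to tcp(<port>,<port>,...)
LINE_RE = re.compile(r"From (\S+) - \d+ packets? to (?:tcp|udp)\(([\d,]+)\)")

def find_scanners(lines, min_ports=20, allowlist=()):
    """Return {ip: distinct port count} for sources that probed >= min_ports
    ports. min_ports=20 is an assumed threshold; tune it to your traffic."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    ports_by_ip = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            # Log text ends up in a firewall command, so accept only real addresses.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if any(ip in net for net in nets):
            continue  # never block our own management or monitoring hosts
        ports = {int(p) for p in m.group(2).split(",") if p}
        # Merge ports across lines so a scan split over several entries still counts.
        ports_by_ip.setdefault(str(ip), set()).update(ports)
    return {ip: len(p) for ip, p in ports_by_ip.items() if len(p) >= min_ports}

def drop_rules(scanners, iface="eth0"):
    """Build DROP rules in the same form the post adds by hand."""
    return [f"iptables -t filter -A INPUT -i {iface} -s {ip} -j DROP"
            for ip in sorted(scanners)]

def _line(ip, ports):
    # Helper that builds constructed sample lines in the post's log format.
    return f"From {ip} - {len(ports) * 2} packets to tcp({','.join(map(str, ports))})"

# Constructed sample data (documentation address ranges, not real log entries).
SAMPLE = [
    _line("203.0.113.7", range(1300, 1315)),   # 15 ports ...
    _line("203.0.113.7", range(1540, 1555)),   # ... plus 15 more on a later line
    _line("198.51.100.20", [22, 80]),          # below the threshold
    _line("192.0.2.10", range(2000, 2030)),    # allowlisted host (e.g. own monitoring)
    _line("not-an-ip", range(3000, 3030)),     # malformed source field, ignored
]
ALLOWLIST = ("192.0.2.0/24",)

if __name__ == "__main__":
    for rule in drop_rules(find_scanners(SAMPLE, allowlist=ALLOWLIST)):
        print(rule)
```

Reviewing the generated rules before applying them, and keeping your own address ranges in the allowlist, avoids locking yourself out on a false positive.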


