I've started to see lots of IP addresses that scan lots of ports, trying to find something to get into. Instead of going through the logs every day and doing this manually, is there something that can do this?
I'll show you what I mean:
From 70.173.72.49 - 568 packets to tcp(1054,1079,1210,1213,1215,1217,1222,1224,1227,1228,1232,1240,1241,1248,1259,1262,1277,1278,1279,1280,1285,1290,1293,1297,1298,1299,1300,1304,1305,1307,1310,1311,1313,1314,1316,1317,1318,1321,1323,1326,1328,1331,1333,1334,1336,1340,1343,1344,1347,1348,1353,1354,1357,1358,1452,1537,1540,1541,1546,1547,1550,1551,1552,1553,1555,1565,1566,1567,1568,1571,1572,1575,1577,1578,1580,1581,1583,1584,1586,1589,1591,1592,1593,1594,1595,1596,1598,1600,1602,1603,1604,1606,1609,1611,1612,1613,1615,1616,1617,1621,1628,1637,1639,1648,1656,1659,1660,1686,1728,1792,1887,1891,1957,2030,2172,2248,2336,2492,2670,2743,2793,2825,2962,2972,2992,2996,3042,3145,3167,3268,3445,3518,3594,3682,3802,3824,3851,3858,3899,3941,4181,4351,4574,4629,4694,4821,20355)
iptables -t filter -A INPUT -i eth0 -s x.x.x.x -j DROP into my iptables script but it's getting too much work doing this.
The log size has increased three times in size from like 4-6 weeks ago.
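One way to automate the manual step described in the post, as an added example that is not part of the original post: a shell function that reads summary lines in the format shown above and prints the same `iptables` DROP rule for every source that touched many distinct ports. The function name `scan_block_rules`, the port threshold, the allowlist arguments, the `udp(...)` group and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed line format (from the post): From <ip> - <n> packets to tcp(p1,p2,...)
# Constructed sample input; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG='From 192.0.2.10 - 568 packets to tcp(1054,1079,1210,1213,1215,1217)
From 198.51.100.7 - 3 packets to tcp(22)
From 192.0.2.77 - 40 packets to tcp(80,443) udp(53,123,161)
From 192.0.2.10 - 12 packets to tcp(1054,3389)
From 999.1.1.1 - 90 packets to tcp(1,2,3,4,5,6)'

# scan_block_rules MIN_PORTS [ALLOWED_IP...]   (hypothetical helper)
# Reads summary lines on stdin and prints one DROP rule per source that touched
# at least MIN_PORTS distinct ports. It only prints rules; nothing is applied.
scan_block_rules() {
    min_ports=$1; shift
    awk -v min="$min_ports" -v allow=" $* " '
    $1 == "From" && $3 == "-" {
        ip = $2
        # Accept only dotted-quad IPv4 so log text never reaches a command unchecked.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        if (o[1]+0 > 255 || o[2]+0 > 255 || o[3]+0 > 255 || o[4]+0 > 255) next
        if (index(allow, " " ip " ")) next      # never block allowlisted hosts
        line = $0
        # Walk every proto(port,port,...) group on the line.
        while (match(line, /(tcp|udp)\([0-9,]+\)/)) {
            grp = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            proto = substr(grp, 1, 3)
            n = split(substr(grp, 5, length(grp) - 5), ports, ",")
            for (i = 1; i <= n; i++)
                if (ports[i] != "" && !((ip, proto, ports[i]) in seen)) {
                    seen[ip, proto, ports[i]] = 1   # count each port once per source
                    count[ip]++
                }
        }
    }
    END {
        for (ip in count)
            if (count[ip] >= min)
                print "iptables -t filter -A INPUT -i eth0 -s " ip " -j DROP"
    }' | sort
}

printf '%s\n' "$SAMPLE_LOG" | scan_block_rules 5
```

Listing your own management addresses as allowlist arguments keeps a spoofed or misattributed source from locking you out; review the printed rules before adding them to the firewall script.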