> I see in my log files that I get probed from 119.161.130.75 on an
> almost hourly basis (make dumb joke here), udp port scans, brute
> force password attempts, nothing too out of the ordinary which is why
> I ask help from the funsec community.

Sounds like a good candidate for border router blocking. But that wasn't what you were asking....

> Check out this log and tell me what is going on here.

> Hop 12 is the handoff from Sprint to China net.

Everything past this point is of questionable reliability, at best.

> Hop 22 is a static route provided by GE with an IP of 3.3.3.2
> Hop 23 is DoD Experimental IP space
> Hop 24 is the host harassing me.

> Why would I see a static route from GE here and then DoD IP space? I
> am just curious as I think this is a strange path to get to the host
> that resides at hop 24.

Because someone in Chinanet is (ab)using 3/8 and 6/8 as if they were RFC1918 space, would be my guess.

Back when I was still bothering to actively fight network abuse, Chinanet was one of the worst offenders, one of the first I blanket-blocked. If the net were run by people who cared more about having a well-functioning net than something else (lining their own pockets would be my guess, but I don't actually know), Chinanet would long ago have been kicked off the net (or at least threatened with it; if the threat of penalties were credible, it might work).

/~\ The ASCII                     Mouse
\ / Ribbon Campaign
 X  Against HTML          [email protected]
/ \ Email!       7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
