What's new

Not worried but anyone else being port scanned constantly ATM from a particular region?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I am not one to worry about port scanning because I believe in my routers security and it keeps me sane. Don't dwell on it because it's just an everyday thing, right?
So I have happened to look at my Skynet stats and checked the general log this morning and shhheeeet!, this is very unusual for me but for approx 2 days someone has/is knocking hard.

View attachment 39833

View attachment 39834

And yes, I did check the IPs against Alienvault and Abuseipdb. Think they have something to do with the 'stuff' happening in eastern europe? Any one else being hit like this?

(Sorry if I have dropped this in the wrong place Mods, please feel free to move it)
Do you use Torrent?
 
To my own shame, yes, that's correct. And I say "to my own shame" because about 10-15 years ago I was a techy/computer guy and normally would have known better, it didn't even cross my mind, also, back 10+ years ago I don't recall random people using means to find and access the average Joe's ftp to cause some havoc as a common thing. I'm sure it happened but the security issues in the past were definitely not like they apparently are today.

I haven't kept up with most computer related stuff in about a decade, my desktop PCs (which I put together) components were bought back in September 2011. About a month ago when I was playing around with my PC, I ended up looking at different pc components for the heck of it, and I have to say that what's out there now, and for those prices are from perspective absurd, but in a good way. I frankly can't grasp why the average tech guy would need some several TB of storage space unless they were ripping and or downloading full bluray isos constantly lol.

Anyway, as an update to what happened, after re attaching my usb hardrive to my router and re-enableing my ftp and this time with credentials being required, within just 12 hours of enabling it, at least 2 individuals tried accessing my WAN. I only knew about it because Monday afternoon I went to my routers GUI through my DDNS and there was a lock out for too many failed attempts. When I got in and looked at the system logs, sure enough this showed up,

"Mar 28 13:05:21 wlceventd: wlceventd_proc_event(556): eth6: Assoc 34:6F:92:10:A8:02, status: Successful (0), rssi:-25
Mar 28 13:12:33 httpd login lock: Detect abnormal logins at 5 times. The newest one was from 194.127.167.100 in login.
Mar 28 13:16:57 httpd login lock: Detect abnormal logins at 5 times. The newest one was from 107.116.12.19 in login lock."
That's normal.
 
Very rarely and through a 'wireguard' VPN that binds to my laptop client using port forwarding. The port that was being knocked on in the screenies is not the VPN port that is forwarded.
I think that's requesting torrent file packets which you don't seed anymore. Just ignore it.
 
The curse of not staying up-to-date with this stuff really sucks lol.

So if you should be disabling it, is there a way to access your routers GUI when abroad? If one wishes to access their own router when not home?
Use OpenVPN to connect to your router then you have access to the GUI
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top