What's new

Sentinel security report

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

AndreiV

Very Senior Member
More important than exploits or ChatGPT that could possibly under certain circumstances bite you are that attacks and probes that are taking place on your systems right now.

Attached is a .pdf from Turris with their monthly report on real time attacks and probes includng ports and countries of interest.


Overview

In February, we saw about a 10% decrease in the number of unique attackers, but they were more active.
Usually, we see attackers come and go, but in February, although it was fewer attackers in total, we had on average, more attackers blocked every day.
This means that those attackers stayed active longer than in January.

Regarding the port attacks, we saw a decrease in attacks on many well-known ports.
That is a good sign, but don't let your guard down.
An attacker has to succeed just once, while you have to repel his every attempt.

The first potentially interesting port that gained some popularity among attackers is 9091.It is the default port for RPC for the Transmission BitTorrent client. That sounds like a potentially juicy target.
So keep your RPC endpoints secured, and when exposing them, make sure you have a strong enough password.

In passwords, it looks like bots figured out that many systems requests at least eight characters password, so the most popular password of February is 12345678.
We also have a few well-known candidates on top, but the rest of the chart is occupied by random attacks from Iran that we already spoke about in the report for January. And although there are still a few IPs showing similar behaviour, the Iranian network does an order of magnitude more attacks then everybody else combined.

We also checked what the used usernames look like to make sure it wasn't just some random stream of data hitting our mini pots.
But even though there are short usernames that look random, like v5 or h24, there are also plenty of valid usernames like admin, postmaster, or zztop and
those are much more common. [QUOTE/]
 

Attachments

  • sReport_2023_02.pdf
    92.6 KB · Views: 35

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top