Welcome to Just Commodores, a site specifically designed for all people who share the same passion as yourself.

New Posts Contact us

Just Commodores Forum Community

It takes just a moment to join our fantastic community

Register

Attempted hacking????

PaRaDoX

Because Racecouch...
Joined
Apr 16, 2005
Messages
3,286
Reaction score
34
Points
48
Location
Melbourne, Victoria
Members Ride
none
I'm with Spark, that should say it all.

I've not had any issues as far as I know in terms of virus's. Just slow speeds. Most periods of extremely low speeds seems to correspond with known DDOS attacks so although the average use may not be involved the whole local area can get real slow due to all the traffic associated with the DDOS attack.

In my experience there are no good internet carriers in NZ, we have a few customer sites there and its painful.
 

Pollushon

Boost gives me a bar....
Joined
Nov 9, 2012
Messages
3,728
Reaction score
2,796
Points
113
Location
Canberra
Members Ride
VY SS
As far as I'm aware I don't have any un-secure ports.

Everyone has unsecured ports, that's how you access the goobs; 80, 443, 25, 143 to name a few. Regardless, 99.9% of us use NAT by default in this day, so unsolicited external gets are nothing to worry about (note use of the word unsolicited). It becomes tricky when you run services on those ports like a mail or web server, because they solicit on your behalf.

Those UDP loops attempting to access port 19 look like a classic Chargen DDoS attempt, probably undertaken by nOOb script kiddies, and your IP was probably on a list they obtained from torrent networks. Shows their skills, Chargen is about as common as the Tassie Tiger these days and not native to Windows. They would have been better off seeing if you still run default ports for various torrent clients, cause most people never take the time to change them to something obscure.

On one of our public ip's we observer on average 10 attempted RDP connections per minute attempting to brute force, using common usernames passwords such as admin / admin , test / test. I have personally seen attacks be successful due to terrible account naming.

You have mstsc exposed to the Internet? Sounds like a nightmare in the making. Those attacks are always successful when it's someone who knows what they're doing cause Windows is about as secure as a house with no doors.
 

PaRaDoX

Because Racecouch...
Joined
Apr 16, 2005
Messages
3,286
Reaction score
34
Points
48
Location
Melbourne, Victoria
Members Ride
none
You have mstsc exposed to the Internet? Sounds like a nightmare in the making. Those attacks are always successful when it's someone who knows what they're doing cause Windows is about as secure as a house with no doors.

On an isolated honey pot yes. On our production environment its all SSL-vpn run on non-standard ports for remote access.
 
Top