Is it just me?


edge

I have a .net domain, and for the past week the script kiddie and DoS attacks have been 4x what they were prior to that. Unsophisticated and ineffectual, but annoying. Anyone else seeing this in their IDS logs?
 

edge

Domain. I also host a couple of web sites, but the script kiddies are hitting the IP with the usual dumb password attacks on SSH, which isn't exposed. I expect to get hit by the script kiddies about 4 to 8 times a day; lately it has gone up to 12 to 20 times. The sites are getting hit with about a 1.5x higher rate of malformed packets than usual.
 

Serverking

A few more questions:

1. Is this attacker using just one IP or multiple IPs?

2. Are the IPs from one ASN, like AS16276 (OVH)?

A few solutions: you could install fail2ban to rate limit and block the IP, or you could null route all the attacking ASNs.

Another choice is to ignore it, as you don't have any exposed SSH ports.
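
Added example, not part of any post in this thread: one way to answer the "one IP or multiple IPs?" question from logs before choosing between per-IP bans and blocking a whole range. It assumes OpenSSH-style "Failed password" lines (the sample log is constructed, using documentation address ranges) and groups by /24 as a stand-in for ASN, since mapping an IP to its ASN needs external routing data.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH auth-log format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:04 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:09 host sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40160 ssh2
Mar  3 02:14:30 host sshd[820]: Failed password for invalid user test from 203.0.113.52 port 51800 ssh2
Mar  3 02:15:02 host sshd[824]: Accepted publickey for ops from 192.0.2.10 port 50022 ssh2
Mar  3 03:40:17 host sshd[901]: Failed password for invalid user oracle from 198.51.100.23 port 33444 ssh2
Mar  3 03:40:21 host sshd[901]: Failed password for invalid user oracle from 198.51.100.23 port 33444 ssh2
Mar  3 04:02:55 host sshd[950]: Failed password for root from 203.0.113.201 port 60001 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def tally(log_text, prefix_len=24):
    """Count failed logins per source IP and per enclosing IPv4 network."""
    per_ip, per_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # address field was not a literal IP
        per_ip[str(addr)] += 1
        if addr.version == 4:
            net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            per_net[str(net)] += 1
    return per_ip, per_net

def concentrated(per_net, share=0.5):
    """Networks responsible for at least `share` of all failed attempts."""
    total = sum(per_net.values())
    return [n for n, c in per_net.most_common() if total and c / total >= share]

if __name__ == "__main__":
    ips, nets = tally(SAMPLE_LOG)
    print("per IP: ", ips.most_common())
    print("per /24:", nets.most_common())
    print("ranges carrying most of the noise:", concentrated(nets))
```

If one range dominates, a range-level block is worth considering; if the sources are spread thin, per-IP rate limiting of the fail2ban kind fits better.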