03 Oct 16 17:29, you wrote to Ben Ritchey:
>> I am blocking some with multiple hits, but I ignore the rest {chuckle}
JK> <sigh>... sign of the times, that's for sure. I'm sure if I check
JK> some of the system logs I'll see similarly named attempts. My
JK> favorites: ADMIN, ROOT.. Lol
in a demented way, i kinda enjoy watching my frontdoor wait-for-call when these
bots connect... i see all their commands up to the point where they send the
busybox command and then "no carrier" because the IDS/IPS on the perimeter has
dropped their connection for a rules violation... it really is funny...
especially since they're blocked from causing the server to be overworked...
why do i want to subject my server(s) to that when they can be dropped at the
perimeter and never even traverse my network at all? ;)
JK> What losers :)
they took down brian krebs' web site that was protected (pro bono) by akamai...
more than 620G per second and it was too much... google's "Project Shield" is
covering his site now...
)\/(ark
Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... Bald spot? No - solar panel for brain power.
---
* Origin: (1:3634/12.73)
|
