WAF Scanning from DO

Hello everyone,

over the last few weeks and months I have increasingly noticed that some IP addresses from a certain provider are scanning my WAF systems more and more often, sometimes with several thousand requests and always at night.

All kinds of systems and ports are being scanned.

Are you seeing this too?

Best regards, TBC



  • Hello TBC,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    At several clients, I've been seeing port scanning attacks coming from China over the last several years.  Early on, I could identify them as coming from Chinese military subnets.  They changed to using generic subnets in China.  Outside of that, it's mostly scanners that map the Internet as a service for legitimate reasons.  I also occasionally see such activity from all over the world from what, I assume, are hackers.

    Let us know what you decide to do.

    Best regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello BAlfson,

    I see this the whole week:

    Most frequent   Virtual host     Requests   %       Traffic   %
    1               x.x.x.94:6085    102        15.53   24.1 kB   16.29
    2               xxx.net:6090     102        15.53   22.9 kB   15.54
    3               xxx.net:6080     102        15.53   22.9 kB   15.54
    4               xxx.net:6083     102        15.53   22.9 kB   15.54
    5               x.x.x.94:6083    102        15.53   22.9 kB   15.54
    6               xxx.net:6072     102        15.53   22.9 kB   15.54

    They are all coming from DO Germany and sometimes from the US, China or India.
    There are only between 2 and 5 IP addresses each day that did that.
    The data above is from today, and all IPs I have seen are now on the blacklist.
    It comes every time at night, German time.
    For me, that is definitely not "legitimate reasons".

    Many thanks!

    TBC
