[PLUG-TALK] Cracking Attempts
Paul Mullen
pm at nellump.net
Mon Jun 2 15:13:58 UTC 2014
On Mon, Jun 02, 2014 at 06:16:20AM -0700, Rich Shepard wrote:
> I assume thses are all scripted and run automatically. While I suppose
> that I should be honored that the People's Army think I have trade secrets
> worth stealing, I'n not. But, I do wonder why these attempts continue day
> after day, week after week, when they all fail.
>
> Could it be that there is no cost to continuing always-failing penetration
> attempts? Or is there something else in play here?
Since it's cost-free, why not keep trying? You (Rich) might make a
mistake in your system administration duties some day.
If you're really concerned, you could always attempt to block Chinese
IP addresses. Lists of all known Chinese IP addresses are available
(e.g., http://www.wizcrafts.net/chinese-iptables-blocklist.html).
They can never be entirely complete, and the list keeps changing, but
it does help to dramatically reduce the attack noise in log files.
Combine that with fail2ban if you have the spare time.
--
Paul
More information about the PLUG-talk
mailing list