[futureusr]

I stated on here not too long ago that I would rather have China snooping my phone than my own country. I reckon they decided to take me up on it.

3 IPs that trace back to China have been attempting to hack the root account on my Linux box for last hour or so. Root login via ssh is disabled, and the only port I fwd through my router is 22, so not much chance they will get in.

And you think they did not sniff out Hillary's server and throw everything they have at it?

Last failed login: Thu May 5 19:50:37 EDT 2016 from 221.203.3.104 on ssh:notty
There were 671 failed login attempts since the last successful login.

[[email protected] ~]# netstat | grep ssh
tcp 0 84 bsp1.bsp:ssh 221.203.3.:bues_service ESTABLISHED
tcp 0 0 bsp1.bsp:ssh 94.156.128.182:52812 ESTABLISHED
tcp 0 64 bsp1.bsp:ssh 192.168.1.27:63742 ESTABLISHED
tcp 0 85 bsp1.bsp:ssh 59.45.79.23:33299 FIN_WAIT1

 

[phaed]

i think this happens all the time to everyone. i've been sniffing and tracking this type of information for many years. i think it's just botnets crawling the internet testing for vulnerabilities, so they can add other zombies to their collection. the probability that you're specifically targeted by some hacker is remote in the extreme, unless you've pissed someone off or have valuable information.

 

[futureusr]

agreed, I don't think I am being targeted specifically. I am just a schmuck with port 22 open to the world.

 

[Squid]

Yeah, just the equivalent of someone jiggling car doors in a parking lot.

 

[RedDawnTheMusical]

Yeah that is just script kiddies or bots. I seriously doubt that Hillary had a firewall appliance - I wonder if she was even using NATing. Has there been anything published on her server configuration? Since it is an email server, I suspect it had more than just a port or two open (e.g. posts for SMPT, POP3, IMAP, TLS/SSL, EWS, CalDev, RDS, etc.).

 

[45_Fan]

I regularly get tried by bots. I once found a broken one that had latched on and was somewhere the thousands of running exactly the same permutations of password attempts before I just blocked it at the firewall. It had well north of a million attempts when I blocked it. The poor thing was stuck in repeat for more than a day and they didn't notice...

 

[NullMatrix]

I have an SSH server at home and it regularly gets brute-force login attempts from China and other places.

I have it set up with "fail2ban" which blocks IPs after too many failed logins. You can tell you're being hit by a large adversary when they immediately switch IPs after getting banned on one.

They do give up after a while, and except for some zero-day vulnerability in my SSH server they are extremely unlikely to gain access.

 

[phaed]

Yeah that is just script kiddies or bots. I seriously doubt that Hillary had a firewall appliance - I wonder if she was even using NATing. Has there been anything published on her server configuration? Since it is an email server, I suspect it had more than just a port or two open (e.g. posts for SMPT, POP3, IMAP, TLS/SSL, EWS, CalDev, RDS, etc.).

yeah, "Guccifer", the romanian hacker that supposedly got into Hilary's server laid out some details, but not all of them made their way to the press. she had a dedicated sys admin. there's no reason to believe he half-assed it.

 

[RedDawnTheMusical]

yeah, "Guccifer", the romanian hacker that supposedly got into Hilary's server laid out some details, but not all of them made their way to the press. she had a dedicated sys admin. there's no reason to believe he half-assed it.

Likewise there is no reason to believe he didn't. I've met "IT specialists" that can barely operate a smartphone. This server was, at lest originally, supposedly in he home closet. While it is possible that there was a hardware firewall in front of it, active intrusion prevent monitoring, etc., it could just have as easily been a server with a default (non-hardened) configuration shoved in a closet. The Romanian hacker supposedly got into it after doing some basic port sniffing (and then I assume exploiting a known security flaw in the installed software). However, only Fox is reporting his role and, supposedly, the FBI found no evidence to affirm his claim. I guess we'll have to wait and see what the real deal is here (well, at least the government's version).