Am I being attacked?
Unanswered
Polar bear posted this in #questions
40 messages
0 views
Polar bearOP
14:51:04, 18 Aug.FWL Port Forward Server(192.168.1.249) TCP 25565 accepted a new connection from 92.40.200.234
14:51:04, 18 Aug.FWL Port Forward Server(192.168.1.249) TCP 25565 accepted a new connection from 92.40.200.235
14:51:04, 18 Aug.FWL Port Forward Server(192.168.1.249) TCP 25565 accepted a new connection from 92.40.200.234
14:51:02, 18 Aug.FWL Port Forward Server(192.168.1.249) TCP 25565 accepted a new connection from 92.40.200.235
Am I being attacked?? There are so many connections like this in my router logs and my server cannot access the Internet now
Giant panda
Is it just these two IPs? Because these don't seem to be bad IPs
You can always check your network and router load to see if they're actually attacking you
Bluetick Coonhound
Looks like a port scanner
But if you are concerned then close the port
@Bluetick Coonhound Looks like a port scanner
Yakutian Laika
my main concern is how their router "cannot access the internet now" 😭
Bluetick Coonhound
@Giant panda
Get your facts checked
image.png
@Yakutian Laika my main concern is how their router "cannot access the internet now" 😭
Bluetick Coonhound
op didn't clearly state if the router just went down entirely or it's just the server that can't access the internet. Although yeah both are concerning
@Bluetick Coonhound @Giant panda
Get your facts checked
Giant panda
https://www.abuseipdb.com/check/92.40.200.235 IP has no reports, /24 CIDR range has ~100ish combined all for HTTP, not a scanner
Port scanner connecting multiple times is odd
One thing to note is that the timestamp goes down 2 seconds, if it's not just the OP copying that part separately, the logger might be lagging, which ofc means that there's a big issue
@Giant panda https://www.abuseipdb.com/check/92.40.200.235 IP has no reports, /24 CIDR range has ~100ish combined all for HTTP, not a scanner
Bluetick Coonhound
abuseipdb is community powered, it doesn't mean anything if nobody reported it
crowdsec automates its reports from peers once the ip is seen based on signatures
Giant panda
abuseipdb is the only one that's realistically reliable
Bluetick Coonhound
where is that claim from
Giant panda
me
Bluetick Coonhound
good to know
Giant panda
there's a way larger distributed IP pool for abuseipdb honeypots than crowdsec
Any ip report site is reliable tbh
it's just that the one with more users is the better, because you can get more info out of it
Bluetick Coonhound
from personal experience crowdsec has always been reliable in detecting for port scans ¯\_(ツ)_/¯