Quiet day today for hackers throughout the net who are desperate to get onto to my poor little web server. Nothing as interesting as Laos unfortunately but I’ve been having repeated attacks today from a single IP address in South Korea – 175.205.213.68, who have been targeting me today.
The IP address is registered with Korea Telecom who’s headquarters I think are in Seoul.
Incidentally, if you’re interested in North Korea and the lives people lead there, I can thoroughly recommend this book by Blaine Harden, a Newspaper reporter – Escape from Camp 14: One man’s remarkable odyssey from North Korea to freedom in the West. IT tells the tale of a North Korean who escaped from a prisoner camp in North Korea, it’s incredible stuff.
Anyway hopefully he hasn’t become a computer hacker based out of Seoul, but there are plenty of them there. My firewall logs are filled with these messages all directed at my server, from the South Korean IP address
*UDP_IN Blocked*
*TCP_IN Blocked*
This is not an actual hack attempt, but what’s called Port Scanning. Basically using tools (or by hand if you’re hard core!) you scan the target computer looking for options to attack. So the scanner will look for things like an FTP server running on port 21, or perhaps for the existent of a vulnerable server like Telnet which actually passes logon credentials in clear text. It could be thousands of other things though, some commercial scanners will look for all sorts of opportunities from an Operating System which is not patched properly or some vulnerable service.
It’s quite an amateur attempt immediately picked up by my firewall and IDS system, although to be fair he hasn’t triggered an automatic permanent block on my firewall, just temporary bans. The best scanners work very slowly, checking each port and service slowly so not to trigger defenses. Anyway doesn’t matter much to me, as I’m going to block him manually. Bye 175.205.213.68.
Posted – 24-10-14