9 Apr
2019
9 Apr
'19
10:59 a.m.
It does concern me for a number of reasons. 1. Why would they need to keep
probing many thousands of times and so rapidly? 2. No one except for me has
a legitimate reason to attempt to connect on my SSH port, or the telnet
port unless invited to do so by me. On seeing it was closed, if they had
done by error, then they should have stopped. 3. Same with the Bind port,
more or less. The 7777 port is only used, as far as I am aware, for
communications with certain malware. On finding it closed, why persist
unless their motives were nefarious.
I am protected on all those ports so it is possible to say it is no worry
to me, except it is illicit use of my resources, regardless of how little.
But looking from a wider perspective, here we have the resources of a
public institution, a university, being used for seemingly illicit
purposes. The story about it being a legit operation holds no water. We are
talking thousands upon thousands of attempts being made rapidly over a
sustained period. Someone is likely to get hit by them who does have
sufficient guards in place, what then. So yes it does concern me
On Tue, 9 Apr 2019 at 17:38, Dom Latter <bitfolk-users(a)latter.org> wrote:
On 09/04/2019 04:44, Keith Williams wrote:
for at least 24 hours now. They go for ports
22.23.53, 80, 443 and 7777.
That last one is particularly nasty.
They're (probably) looking for a backdoor opened up by Windows malware.
Why would that concern you?
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users