It does concern me for a number of reasons. 1. Why would they need to keep probing many thousands of times and so rapidly? 2. No one except for me has a legitimate reason to attempt to connect on my SSH port, or the telnet port unless invited to do so by me. On seeing it was closed, if they had done by error, then they should have stopped. 3. Same with the Bind port, more or less. The 7777 port is only used, as far as I am aware, for communications with certain malware. On finding it closed, why persist unless their motives were nefarious.
I am protected on all those ports so it is possible to say it is no worry to me, except it is illicit use of my resources, regardless of how little. But looking from a wider perspective, here we have the resources of a public institution, a university, being used for seemingly illicit purposes. The story about it being a legit operation holds no water. We are talking thousands upon thousands of attempts being made rapidly over a sustained period. Someone is likely to get hit by them who does have sufficient guards in place, what then. So yes it does concern me

On Tue, 9 Apr 2019 at 17:38, Dom Latter <bitfolk-users@latter.org> wrote:

On 09/04/2019 04:44, Keith Williams wrote:
> for at least 24 hours now. They go for ports 22.23.53, 80, 443 and 7777.
> That last one is particularly nasty.

They're (probably) looking for a backdoor opened up by Windows malware.

Why would that concern you?

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users