Port scans with the Chinese super computer, hehe
Christian Palecek Network Administrator Cybernet Inc. Hamilton, MT -------- Original message -------- From: Adair Winter <[email protected]> Date:12/18/2014 10:05 PM (GMT-07:00) To: Mikrotik Users <[email protected]> Subject: Re: [Mikrotik Users] block port 25? while some is UDP a good portion of it is TCP (SYN) On Thu, Dec 18, 2014 at 11:03 PM, Christian Palecek <[email protected] > wrote: > > The joys of udp. > > > Christian Palecek > Network Administrator > Cybernet Inc. > Hamilton, MT > > > -------- Original message -------- > From: Adair Winter <[email protected]> > Date:12/18/2014 9:44 PM (GMT-07:00) > To: Mikrotik Users <[email protected]> > Subject: Re: [Mikrotik Users] block port 25? > > widened out my rule to show all traffic dst for my /21. 200-300Kbps all > coming form China just hitting random IP's in the /21. that's amazing. > > On Thu, Dec 18, 2014 at 10:38 PM, Mike Hammett <[email protected]> > wrote: >> >> Blackhole them! ;-) >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> >> ------------------------------ >> *From: *"Adair Winter" <[email protected]> >> *To: *"Mikrotik Users" <[email protected]> >> *Sent: *Thursday, December 18, 2014 10:36:46 PM >> >> *Subject: *Re: [Mikrotik Users] block port 25? >> >> weird... I just built a log rule for dst port 25 just to see what was >> coming and going from my network.... in about 40 seconds I had about 4000 >> packets logged... all 61.160.224.128 to an ip on my new /21 block from >> ARIN... which doesn't even have any customers on it. geez. >> >> On Thu, Dec 18, 2014 at 10:31 PM, Mike Hammett <[email protected]> >> wrote: >>> >>> If Server's Plus can't help them figure it out, then pass the buck >>> along... >>> >>> >>> >>> ----- >>> Mike Hammett >>> Intelligent Computing Solutions >>> http://www.ics-il.com >>> >>> <https://www.facebook.com/ICSIL> >>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>> <https://twitter.com/ICSIL> >>> >>> ------------------------------ >>> *From: *"Adair Winter" <[email protected]> >>> *To: *"Mikrotik Users" <[email protected]> >>> *Sent: *Thursday, December 18, 2014 10:29:19 PM >>> >>> *Subject: *Re: [Mikrotik Users] block port 25? >>> >>> suuuuure... You think you'll call their mail provider first?? ha. >>> >>> On Thu, Dec 18, 2014 at 10:25 PM, Mike Hammett <[email protected] >>> > wrote: >>>> >>>> Let Servers Plus deal with that... or whomever's mail server they're >>>> connecting to. >>>> >>>> >>>> >>>> ----- >>>> Mike Hammett >>>> Intelligent Computing Solutions >>>> http://www.ics-il.com >>>> >>>> <https://www.facebook.com/ICSIL> >>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>> <https://twitter.com/ICSIL> >>>> >>>> ------------------------------ >>>> *From: *"Adair Winter" <[email protected]> >>>> *To: *"Mikrotik Users" <[email protected]> >>>> *Sent: *Thursday, December 18, 2014 10:23:03 PM >>>> >>>> *Subject: *Re: [Mikrotik Users] block port 25? >>>> >>>> You'll find some user somewhere who is still configured to send mail to >>>> a mail server on port 25. >>>> On Dec 18, 2014 10:17 PM, "Mike Hammett" <[email protected]> >>>> wrote: >>>> >>>>> If you don't have mail servers then who cares? >>>>> >>>>> That said, unless a customer has a mail server, they should not be >>>>> sending anything out on port 25. Block 'em all. >>>>> >>>>> >>>>> >>>>> ----- >>>>> Mike Hammett >>>>> Intelligent Computing Solutions >>>>> http://www.ics-il.com >>>>> >>>>> <https://www.facebook.com/ICSIL> >>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>> <https://twitter.com/ICSIL> >>>>> >>>>> ------------------------------ >>>>> *From: *"RickG" <[email protected]> >>>>> *To: *"Mikrotik Users" <[email protected]> >>>>> *Sent: *Thursday, December 18, 2014 10:09:36 PM >>>>> *Subject: *Re: [Mikrotik Users] block port 25? >>>>> >>>>> I dont have mail servers (thank God!). However, my IP addys continue >>>>> to get blacklisted. I assume it's due to my subscriber's computers having >>>>> trojans. Looking for suggestions on how to handle. >>>>> >>>>> On Thu, Dec 18, 2014 at 11:38 AM, Mike Hammett < >>>>> [email protected]> wrote: >>>>>> >>>>>> Main IP? >>>>>> >>>>>> My mail servers get blacklisted once or twice a year due to >>>>>> compromised user credentials, but those are the only ones I care about. >>>>>> >>>>>> >>>>>> >>>>>> ----- >>>>>> Mike Hammett >>>>>> Intelligent Computing Solutions >>>>>> http://www.ics-il.com >>>>>> >>>>>> <https://www.facebook.com/ICSIL> >>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>> <https://twitter.com/ICSIL> >>>>>> >>>>>> ------------------------------ >>>>>> *From: *"RickG" <[email protected]> >>>>>> *To: *"Mikrotik Users" <[email protected]> >>>>>> *Sent: *Thursday, December 18, 2014 10:35:04 AM >>>>>> *Subject: *[Mikrotik Users] block port 25? >>>>>> >>>>>> Folks, I'm tired of dealing with my main IP being blacklisted for >>>>>>> SPAM by certain users. Is it worth blocking port 25 anymore or is that >>>>>>> old >>>>>>> news? >>>>>>> >>>>>> -- >>>>>> -RickG KyWiFi >>>>>> >>>>>> _______________________________________________ >>>>>> Mikrotik-users mailing list >>>>>> [email protected] >>>>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Mikrotik-users mailing list >>>>>> [email protected] >>>>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>>>> >>>>>> >>>>> >>>>> -- >>>>> -RickG KyWiFi >>>>> >>>>> _______________________________________________ >>>>> Mikrotik-users mailing list >>>>> [email protected] >>>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>>> >>>>> >>>>> _______________________________________________ >>>>> Mikrotik-users mailing list >>>>> [email protected] >>>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>>> >>>>> >>>> _______________________________________________ >>>> Mikrotik-users mailing list >>>> [email protected] >>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>> >>>> >>>> _______________________________________________ >>>> Mikrotik-users mailing list >>>> [email protected] >>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>> >>>> >>> >>> -- >>> >>> Adair Winter >>> VP, Network Operations / Owner >>> Amarillo Wireless | 806.316.5071 >>> C: 806.231.7180 >>> http://www.amarillowireless.net >>> >>> >>> _______________________________________________ >>> Mikrotik-users mailing list >>> [email protected] >>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>> >>> >>> _______________________________________________ >>> Mikrotik-users mailing list >>> [email protected] >>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>> >>> >> >> -- >> >> Adair Winter >> VP, Network Operations / Owner >> Amarillo Wireless | 806.316.5071 >> C: 806.231.7180 >> http://www.amarillowireless.net >> >> >> _______________________________________________ >> Mikrotik-users mailing list >> [email protected] >> http://lists.wispa.org/mailman/listinfo/mikrotik-users >> >> >> _______________________________________________ >> Mikrotik-users mailing list >> [email protected] >> http://lists.wispa.org/mailman/listinfo/mikrotik-users >> >> > > -- > > Adair Winter > VP, Network Operations / Owner > Amarillo Wireless | 806.316.5071 > C: 806.231.7180 > http://www.amarillowireless.net > >
_______________________________________________ Mikrotik-users mailing list [email protected] http://lists.wispa.org/mailman/listinfo/mikrotik-users
