Subj : Re: Getting hammered! To : Sniper From : Ennev Date : Fri Mar 17 2017 14:03:00 > I'm at my wits end over this. Can we enter IP's for entire domains? > 1.1.1.1/32 ?? Because one at a time is just not feasiable anymore! Anyone > have a good comprehensive list they might send me? > > Help! :) > > Sniper > > Sniper > > Killed In Action BBS, telnet://kiabbs.org you should see my logs :-) the problem is hacker will hack, some of them will scanport every ip addresses that they will get a ping back from, hopping to get a big honeypot of unsecured valuable data. So when they'll find a open telnet, ssh, rpc port they'll try it. And what you see in your log was automated, it would just had notify the hacker if it found a system it could got it and they do. Just put a machine up somewhere and don't even mention on a board that it exist you'll endup getting traffic anyway. I think there is little we can do except to block all the ports we can, don't use common usernames and passwords. We are in an era of the IOT (internet of things) and not the SIOT, now even a connected light bulb can be hacked and be controlled by a botnet. So blocking ip is a lost battle. So keeping our os up to date with all the security patches and by not opening ports that don't need to be and backup regularly is the best defence. The main problem is that we have chosen to open a service to the public. I knew of a few lists but they are more focused on crawlers and slurpers on http websites. Maybe somebody will bring a more positive light that I did.  --- þ Synchronet þ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ - .