Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
How much "scanning" is normal?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How much "scanning" is normal? (Read 414 times)
bpalob
Newbie
Posts: 7
Karma: 0
How much "scanning" is normal?
«
on:
April 23, 2024, 01:59:21 am »
Hi guys,
I observe on my firewall log that I am seing permanently random addresses trying to connect to suspicious ports, for instance 22, 23, 2222, 2323, 3389 etc. At some points I get 25 such requests in about 10 minutes of time.
As I believe to have been recently hacked (got an account hijacked), I got rather suspicious.
I am aware that it's normal that we're all exposed over the WAN. But how much is "normal" or acceptabe?
In the meantime I've had my IP changed (my operator left me with the same for about a year now,...), same with the new IP. Also I implemented Geo-Blocking, which works great, at least from what I see in the firewall log.
Trying to run a tight ship now... but wondering whether this is a normal experience or if you'd say nono, you should not see more than 5 a day,... :-)
Thanks.
Logged
Patrick M. Hausen
Hero Member
Posts: 6829
Karma: 574
Re: How much "scanning" is normal?
«
Reply #1 on:
April 23, 2024, 07:07:50 am »
The entire IPv4 (legacy) Internet is port scanned 24x7.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Greg_E
Sr. Member
Posts: 342
Karma: 19
Re: How much "scanning" is normal?
«
Reply #2 on:
April 23, 2024, 04:01:52 pm »
Quote from: Patrick M. Hausen on April 23, 2024, 07:07:50 am
The entire IPv4 (legacy) Internet is port scanned 24x7.
And by several businesses to try and get money. I have one that scans all the time and offered a free report, so instead of just blocking it, I subscribed to the report. What's interesting is that I see one port that has a service on it listed, but not a second port that I recently opened back up. So something on my system is blocking them after they get the first port. ShadowServer is one of these, check whois for several of the other IP to find out who they are. The good ones will list all IP address ranges that they use so you can block them if you don't like them scanning.
Everything else is from a dirtbag trying to break in.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
How much "scanning" is normal?