View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Portscans & other malicious activity
Log in to Ask a Question

Portscans & other malicious activity

networking

So I'm running snort on my Debian Linode (version 1.8.4-beta1 (Build 91)), and I'm seeing plenty of ICMP ping activity in the alert log, but I'm not seeing anything in the portscan log, or any other attack attempts in the syslog. This has been the case for over a week now. When I ran snort on my DSL connection, I was getting scanned or attacked every few minutes. Does anyone know if this malicious activity is being filtered somewhere upstream, or have any other data points to compare and contrast against?

-"Zow"

4 Replies

Linode Staff

Well .. besides the port filtering that ThePlanet does, I would suspect that script kiddies know they are more likely to find vulnerable machines from cable and DSL providers, rather than locked-down boxes at datacenters. But, that's not to say that having a r00ted box on a high speed network isn't attractive…

-Chris

If a linode did get rooted, (theoretically, I hope this would never happen!) what would be done? Would it simply be terminated until it's owner came back, rebooted and secured it?

-Ashen

If a linode did get rooted, (theoretically, I hope this would never happen!) what would be done? Would it simply be terminated until it's owner came back, rebooted and secured it?

-Ashen

@zow:

So I'm running snort on my Debian Linode (version 1.8.4-beta1 (Build 91)), and I'm seeing plenty of ICMP ping activity in the alert log, but I'm not seeing anything in the portscan log, or any other attack attempts in the syslog. This has been the case for over a week now. When I ran snort on my DSL connection, I was getting scanned or attacked every few minutes. Does anyone know if this malicious activity is being filtered somewhere upstream, or have any other data points to compare and contrast against?

-"Zow"

I've the feeling it's getting filtered downstream.

I'm wondering if you bought an interface for your linode that you dedicate to Snort. I'm about to give Snort a try on my linode but have been wondering about resource issues (I'm NOT going to use ACID or have it report to a MySQL DB) and the best overall deployment of Snort.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct