Since network security is one of the hats that I wear, I get various security alerts throughout the day…from my firewall or IDS (Intrusion Detection System). Most of the time they are nothing to worry about, and I quickly figure out what happened. Sometimes, though, I end up spending a lot of time trying to figure out if the alert was serious…is something bad happening on MY network?
But then, sometimes it’s just comical….like, “Hello, I’m a newbie hacker, please let me in”. Take a look at this…
As you can see, this portscan is stepping through my public IP address range, hitting three different destination ports…80 (http), 8080 (http alternative port), and 1080 (typically used for proxy services). And this is just a snippet…there was a total of 147 packets in less than 10 seconds. The source IP address (18.104.22.168) is from a parent block owned by an entity in China, but is sub-delegated to a hosting facility located in Los Angeles. Go figure. There really is no way to know who is doing this…probably some 11 year old kid in Beverly Hills.
But I did get a laugh out of this. Hope you did too.