On 20/02/2021 23.53, Bengt Gördén wrote:
On 2021-02-20 21:36, Carlos E.R. wrote:
I was simply not expecting anyone to find it.
I can assure you. It doesn't take more than a couple of hours to find it for the abusers out there.
I understand they are fast if you put services in the normal ports, but not that easy if you use a high port. My error was that "50000" is apparently a commonly used port. Now I use a random number. Scanning for it takes 60000 times more - I know because I tried with nmap and it takes minutes. So far, no hits! We will see in a few days. I use the same strategy for ssh since some years, and I saw nothing in the logs.
OT: If you really want to see how scans are done you should setup an argus server and dive into the logs. I did setup my first argus server 16-17 years ago at a university. It's not under my supervision anymore but it's still used and gives a lot of valuable research data, and for feeding a filtering system for abusive connections and IP's. I do have one at home and turn it on from time to time if needed or just to watch live internet-abuse-TV.
Interesting. But no, the powers of my internet facing router are limited, so no, I don't think I can try, and anyway I'm not that interested to invest time in it :-D -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)