rarias/jungle
2
0
Fork 3
Code Issues 57 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

Protect Fox against port scanners #166

New Issue
Open
opened 2025-08-29 15:13:44 +02:00 by rarias · 1 comment
rarias commented 2025-08-29 15:13:44 +02:00
Owner
Copy Link

Proper adaptative rules with ipset:

https://unix.stackexchange.com/questions/345114/how-to-protect-against-port-scanners#answer-407904

Proper adaptative rules with ipset: https://unix.stackexchange.com/questions/345114/how-to-protect-against-port-scanners#answer-407904
rarias added the net label 2025-08-29 15:13:44 +02:00
rarias changed title from Protect Fox agains port scanners to Protect Fox against port scanners 2025-08-29 15:13:50 +02:00
rarias self-assigned this 2026-01-14 17:03:58 +01:00
rarias commented 2026-02-11 17:15:23 +01:00
Author
Owner
Copy Link

More spam:

Feb 11 16:31:41 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=176.65.148.189 DST=147.83.30.141 LEN=40 TOS=0x04 PREC=0xA0 TTL=239 ID=54321 PROTO=TCP SPT=46815 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 11 16:45:06 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=165.154.36.150 DST=147.83.30.141 LEN=40 TOS=0x08 PREC=0x20 TTL=233 ID=54321 PROTO=TCP SPT=46862 DPT=1954 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 11 16:45:06 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=165.154.36.150 DST=147.83.30.141 LEN=40 TOS=0x08 PREC=0x20 TTL=233 ID=54321 PROTO=TCP SPT=46863 DPT=1954 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 11 16:50:46 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=91.230.168.215 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=50273 DF PROTO=TCP SPT=50660 DPT=2011 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 11 16:54:19 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=193.163.125.6 DST=147.83.30.141 LEN=44 TOS=0x08 PREC=0x20 TTL=241 ID=10309 PROTO=TCP SPT=44197 DPT=19955 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 16:55:11 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=573 DF PROTO=TCP SPT=48076 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 11 16:55:12 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=45892 DF PROTO=TCP SPT=48082 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 11 16:55:12 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5950 DF PROTO=TCP SPT=40042 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 11 16:55:12 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19045 DF PROTO=TCP SPT=40044 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0

We may as well ban the whole UPC AS13041.

More spam: ``` Feb 11 16:31:41 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=176.65.148.189 DST=147.83.30.141 LEN=40 TOS=0x04 PREC=0xA0 TTL=239 ID=54321 PROTO=TCP SPT=46815 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Feb 11 16:45:06 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=165.154.36.150 DST=147.83.30.141 LEN=40 TOS=0x08 PREC=0x20 TTL=233 ID=54321 PROTO=TCP SPT=46862 DPT=1954 WINDOW=65535 RES=0x00 SYN URGP=0 Feb 11 16:45:06 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=165.154.36.150 DST=147.83.30.141 LEN=40 TOS=0x08 PREC=0x20 TTL=233 ID=54321 PROTO=TCP SPT=46863 DPT=1954 WINDOW=65535 RES=0x00 SYN URGP=0 Feb 11 16:50:46 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=91.230.168.215 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=50273 DF PROTO=TCP SPT=50660 DPT=2011 WINDOW=5840 RES=0x00 SYN URGP=0 Feb 11 16:54:19 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=193.163.125.6 DST=147.83.30.141 LEN=44 TOS=0x08 PREC=0x20 TTL=241 ID=10309 PROTO=TCP SPT=44197 DPT=19955 WINDOW=14600 RES=0x00 SYN URGP=0 Feb 11 16:55:11 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=573 DF PROTO=TCP SPT=48076 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 Feb 11 16:55:12 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=45892 DF PROTO=TCP SPT=48082 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 Feb 11 16:55:12 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5950 DF PROTO=TCP SPT=40042 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 Feb 11 16:55:12 fox kernel: refused connection: IN=enp1s0f0np0 OUT= MAC=7c:c2:55:9d:7d:ae:b0:fa:eb:75:cc:00:08:00 SRC=147.83.31.6 DST=147.83.30.141 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19045 DF PROTO=TCP SPT=40044 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ``` We may as well ban the whole UPC AS13041.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
ceph
ci
config
cross
hw
io
kernel
mpi
net
nix
ops
repair
slurm
No Label net
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
abonerib arocanon varcila rarias
No Assignees rarias
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: rarias/jungle#166
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?