Random people connecting to my socket on port 8080 - sockets

I was developing an app and running a server from home on a private IP on port 8080 (this is the only port coming from my IP that is exposed to the internet). It's just a simple Java IO socket.
But I constantly have random people trying to connect from random IPs coming from the Virgin Islands etc.
Not sure if this is normal?
I did register at no-ip...because I have a dynamic IP, not sure if that might be exposing my home IP to some bots scanning things?
If anyone can shed some more light on this, that would be great.
I am running the socket server in sandboxie so that might mitigate attacks somewhat... I just hope it's not anything like that. I also implemented some basic authentication now, and it will drop connections if they fail to authenticate... but before that, those random IPs would stay connected for many hours... it's so weird.

As pointed out in the comments, these are indeed people scanning the internet.
Many of the observed IPs can be found in lists like this: http://global-threat.rmjconsulting.net/?op=prv_idstableLimit&limit=5000
I guess that proves again how important network security is and making sure no vulnerable apps are facing the internet.
Was kind of surprised by the frequency that this happens.
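
An added example, not part of the original post or the asker's code: a Java blocking-IO server that gives each new connection one overall deadline and a size cap for sending its token, so silent scanners are dropped within seconds instead of staying connected for hours. The APP_TOKEN variable, the 5-second deadline, the 128-character cap and the one-line ASCII token protocol are assumptions.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.concurrent.*;

public class AuthDeadlineServer {
    static final int AUTH_DEADLINE_MS = 5_000;  // assumed: total time allowed to authenticate
    static final int MAX_TOKEN_CHARS = 128;     // assumed: cap on input accepted before auth

    // One overall deadline: a peer that stays silent or drips single bytes is dropped.
    static String readToken(Socket s, long deadlineNanos) throws IOException {
        InputStream in = s.getInputStream();
        StringBuilder sb = new StringBuilder();
        while (true) {
            long leftMs = (deadlineNanos - System.nanoTime()) / 1_000_000;
            if (leftMs <= 0) throw new SocketTimeoutException("auth deadline passed");
            s.setSoTimeout((int) leftMs);  // never 0 here: 0 means "block forever"
            int c = in.read();
            if (c == -1) throw new EOFException("closed before auth");
            if (c == '\n') return sb.toString();
            if (sb.length() >= MAX_TOKEN_CHARS) throw new IOException("pre-auth input too long");
            if (c != '\r') sb.append((char) c);
        }
    }

    static void handle(Socket s, byte[] expected) {
        try (Socket sock = s) {  // closed on every exit path
            long deadline = System.nanoTime() + AUTH_DEADLINE_MS * 1_000_000L;
            byte[] got = readToken(sock, deadline).getBytes(StandardCharsets.UTF_8);
            if (!MessageDigest.isEqual(got, expected)) {  // constant-time comparison
                System.out.println("auth failed: " + sock.getRemoteSocketAddress());
                return;
            }
            sock.getOutputStream().write("OK\n".getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            System.out.println("dropped " + s.getRemoteSocketAddress() + ": " + e.getMessage());
        }
    }

    public static void main(String[] args) throws IOException {
        String token = System.getenv("APP_TOKEN");  // hypothetical variable name
        if (token == null || token.isEmpty()) throw new IllegalStateException("set APP_TOKEN");
        byte[] expected = token.getBytes(StandardCharsets.UTF_8);
        ExecutorService pool = Executors.newFixedThreadPool(16);  // bounds concurrent handlers
        try (ServerSocket server = new ServerSocket(8080)) {
            while (true) {
                Socket s = server.accept();
                pool.execute(() -> handle(s, expected));
            }
        }
    }
}
```

After a successful login the application protocol would continue inside handle(), with its own idle timeout set on the socket.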

Related

Photon Connection from IPv4 clients to IPv6-only photon server

Just as the title says,
Not all ISPs in our country support IPv6 yet; some do, some don't.
I don't want to create a situation where players can only play our game if he/she has a certain "IPv6 enabled" ISP. That won't be great. The ISP I used supports IPv6.
My server (PC) is set behind a series of NATs (I don't know the architecture, but port-forwarding from the router is not enough; it has its own "local" IPv4 address from its "parent" (I don't know the IP address of the parent)). Also, I have contacted them to give me a public IPv4, but unfortunately it didn't go as well as planned.
At the start, I tried to use the IPv4 address given by "whatismyip.com", but it gives the IP address of my ISP, not my router or my PC.
And then there is this: I can access the server via IPv6 connections, but can't via IPv4. So how can I establish the connection between the two? How can I solve it?
(Please feel free to ask about any more information that is needed. I just recently started to learn networking, so there are lots of things I might be wrong about; sorry in advance.)
Thanks in advance! UwU

How to make an instant messenger system in current internet settings?

First I want to define my question:
1, I am talking about computer program doing the IM, not mobile app. The program should be working in every home, or office environment.
2, Right now all (or most) home computers are behind a router, protected by ISP's security policy. It is not like 20 years ago, when a computer connects to an adapter, it gets a universal IP, as good as Microsoft.com and whitehouse.gov. 10 years ago, you can advise user to do port forwarding, or use UPnP to stealthily perform the port forwarding task. But now in the name of security, ISP is taking port forwarding out from the ISP-managed router (xfinity is doing that, as far as I know).
I know how to do IM in LAN setting, or the universal IP setting, that you get the IP of the friend, establish connection using TCP or UDP, then transfer information. Now when all computers are behind the routers, what is the feasible way / popular way / right way to do IM again? Using a central server to transfer information, by establishing connections of UserA-Server and UserB-Server? I know it would work, but not very "instant", in my humble opinion.
Please advise, thanks.
UPnP and NAT-PMP can still work; they will map an external port, like a punched hole. The problem is that our external IP may not be sure. So if you want to send IM, there are two choices: DHT or a central controller.
I suggest you use DHT and a central server using an ICE structure. If DHT can work then it is OK, or we can use the central server to do the UDP/TCP traversal. In some circumstances, like symmetric NAT, the server needs to do relay, but in others it just starts the connection and then it is a p2p connection without the server.

Is there a way for a bot to find the IP address of my Digital Ocean Server when going through Cloudflare?

I am a PHP coder but not a server expert so I wondered if anyone could answer the following query.
Is there a way that a bot can determine the IP of my server when it runs through Cloudflare?
Someone suggested that folk could try ftp.domain.com and things like that. I do not have that setup on my server although Cloudflare do set this up automatically for you when you register a domain.
If you are a server expert and wanted to determine the actual IP of a server, how would you go about it?
Thanks.
PS: I do not want my IP public, hence the question.
Someone that really wants to find your server IP address probably can. We're only going to really stop basic lookups from returning your IPs, but we can only proxy web traffic & some records on your domain (mail, for example) may still return your server IP.
We do have some tips on minimizing the probability that someone could find it easily with these guidelines.

Kamailio as dispatcher in front of FreeSwitch

I'm struggling with Kamailio as a simple dispatcher for FreeSwitch. This is my configuration so far: http://pastebin.com/nBPSpe6S
Connecting an iPhone and an Android makes the calls between them timeout.
Connecting one of the phones and my laptops makes calls between them produce the error "Too many hops".
With all of them I'm able to call in to the Freeswitch, for listening to voicemail, hold music etc.
So I guess it's still NAT problems or similar?
Can anyone spot the error, missing thing or something else that is wrong with the config?
P.S. Adding phones, laptops etc. directly to FreeSwitch, without Kamailio, makes everything work.
"Too many hops" is just that - too many hops. A SIP message is being routed around in a bad way. In many cases in Kamailio, this is because DNS and Kamailio don't have the same view of the world. Kamailio doesn't know which domains it's authoritative for (the alias= configuration parameter) and forwards using DNS. DNS points back to the same Kamailio.
Your configuration lacks both alias= and IP addresses Kamailio should listen to. Now, your configuration doesn't really use the alias, so I don't see that problem here. Since you are not showing the dispatcher table it's hard to figure out. I suggest you add a couple of calls to xlog() to see what's going on and figure out why a message is looping around. Good luck!

Preventing brute-force attacks on MySQL?

I need to turn on networking for MySQLd, but every time I do, the server gets brute-forced into oblivion. Some mean password guessing script starts hammering on the server, opening a connection on port 3306 and trying random passwords forever.
How can I stop this from happening?
For SSH, I use denyhosts, which works well. Is there a way to make denyhosts work with MySQLd?
I've also considered changing the port MySQL is running on, but this is less than ideal and only a stop-gap solution (what if they discover the new port?)
Does anyone have any other ideas?
If it makes a difference, I'm running MySQL 5.x on FreeBSD 6.x.
Firewall mysql port out. But this belongs to the serverfault realm, I believe.
I've also considered changing the port MySQL is running on, but this is less than ideal and only a stop-gap solution (what if they discover the new port?)
The stupid bots are the ones that are constantly bashing themselves against your port and they don't look for new ports. Move to a different port and you now only have to worry about people who are trying to hack you, rather than the internet background noise of compromised machines scanning random hosts. This is a great improvement.
If you need to let only a few specific machines through to your database you could consider an SSH tunnel between local ports on the database and client machines. It's fairly rare you really want to open a database port to the public internet.
Limit the number of unsuccessful requests a single host can make.
I believe changing the port number from the default one (3306) to some other doesn't improve the security but helps in most cases (at least a bit). Have you tried that in practice or only considered?
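
An added example, not from any of the posts above: the denyhosts idea applied to MySQL, counting access-denied lines per host in a sliding window and returning the hosts to hand to the firewall. It assumes the server writes access-denied warnings to its error log in the shape of the constructed sample lines (in MySQL 5.x this depends on the log_warnings setting); the class and method names are hypothetical.

```java
import java.time.*;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.regex.*;

public class MysqlAuthFailures {
    // Assumed line shape. The host is matched at the END of the line because the
    // user name is client-supplied and may itself contain quote or '@' characters.
    static final Pattern DENIED = Pattern.compile(
        "^(\\d{6} \\d{2}:\\d{2}:\\d{2}) .*Access denied for user .*@'([^']+)'"
        + " \\(using password: (?:YES|NO)\\)$");
    static final DateTimeFormatter TS = DateTimeFormatter.ofPattern("yyMMdd HH:mm:ss");

    // Returns hosts with more than maxFailures failures inside any window-long span.
    // Lines are assumed to be in chronological order, as in a log file.
    static Set<String> hostsToBlock(List<String> lines, int maxFailures, Duration window) {
        Map<String, Deque<LocalDateTime>> recent = new HashMap<>();
        Set<String> block = new TreeSet<>();
        for (String line : lines) {
            Matcher m = DENIED.matcher(line);
            if (!m.matches()) continue;  // not an access-denied line
            LocalDateTime t = LocalDateTime.parse(m.group(1), TS);
            Deque<LocalDateTime> q = recent.computeIfAbsent(m.group(2), k -> new ArrayDeque<>());
            q.addLast(t);
            // Forget failures that fell out of the window ending at this line.
            while (Duration.between(q.peekFirst(), t).compareTo(window) > 0) q.removeFirst();
            if (q.size() > maxFailures) block.add(m.group(2));
        }
        return block;
    }

    public static void main(String[] args) {
        List<String> log = List.of(  // constructed sample lines (documentation address ranges)
            "240101 10:00:00 [Warning] Access denied for user 'root'@'203.0.113.9' (using password: YES)",
            "240101 10:00:01 [Warning] Access denied for user 'admin'@'203.0.113.9' (using password: YES)",
            "240101 10:00:02 [Warning] Access denied for user 'x'@'198.51.100.7'@'203.0.113.9' (using password: YES)",
            "240101 10:00:03 [Warning] Access denied for user 'root'@'203.0.113.9' (using password: NO)",
            "240101 10:05:00 [Warning] Access denied for user 'app'@'192.0.2.10' (using password: YES)",
            "240101 10:05:30 [Note] Event Scheduler: Loaded 0 events");
        System.out.println(hostsToBlock(log, 3, Duration.ofMinutes(1)));
    }
}
```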