Alibaba Port Scanning

Just for info I'm getting port scanned for ports 8070-8078 every 2-5 seconds, all day.

47.242.241.144

I've added 47.242.0.0/16 to my blacklist

Comments

  • Is nobody else seeing these connections or attempts? My reception peaks at "just about OK" and I'm not close to any military installations as far as I know, so why are they so desperate to get onto an SDR here?

    Could it be that the PI based ones have side channel use, I guess that FPGA has some spare capacity and the PI 4 Ethernet/USB does radiate pretty well.

    Don't know, but I for one would not put one of the PI clones online without knowing what it can see on my local network /environment and keeping a close eye on what is going out the door.

  • All KiwiSDR connection attempts appear legit in the recent user.log. Hopefully it stays that way.

    Ron - KA7U

  • edited April 12

    Also encountered frequent and relentless connection attempts from Alibaba ip addresses, however in the SE Asia region these traced back to Singapore servers and so I have blocked large swaths of their addresses. Seems whoever is mainly interested in listening in on HF ATC MWRA frequencies. These same frequencies also are often attempted to connect from mainland CN servers.

    Regards, Ben

  • Thanks for the replies, it must be personal...

    Ben, I do have an enourmous amount of that area blocked, partly as an import from a work server that was just continually targeted.

    It might be that my IP was added to some script and they have forgotten about it but yesterday it did seem to move focus on the higher port of a PI/Kiwi I'd just fired up so not sure what they are sniffing or what gets sent out on boot.

    Luckily today I've messed up the VLAN (or the SDR networking port has failed) so I can't get to anything let alone those in Hong Kong/China.

    Stu

  • I am seeing this as well -- relentless Asian IP's dropping on 10054 khz USB over and over again - kick them, they reappear minutes later -- is this a BOT or a Human or a port scanner or?


    Would someone post their BLOCK IP list and I will add this to mine?

  • Hi Colin99,

    Please check your pm for the blacklist i am currently using.

  • A selection of today's Port Scans, lot of Vultr.com in there

    47.242.240.98
    8.210.215.228
    47.242.111.208
    47.242.39.3
    47.242.82.172
    47.242.240.167
    47.242.108.221
    158.247.199.241
    155.138.139.35
    207.246.99.253
    149.28.92.8
    209.250.251.56
    
    


Sign In or Register to comment.