Alibaba Port Scanning

PowernumptyPowernumpty
in Configuration and Operation

Just for info I'm getting port scanned for ports 8070-8078 every 2-5 seconds, all day.

47.242.241.144

I've added 47.242.0.0/16 to my blacklist

Comments

  • PowernumptyPowernumpty

    Is nobody else seeing these connections or attempts? My reception peaks at "just about OK" and I'm not close to any military installations as far as I know, so why are they so desperate to get onto an SDR here?

    Could it be that the PI based ones have side channel use, I guess that FPGA has some spare capacity and the PI 4 Ethernet/USB does radiate pretty well.

    Don't know, but I for one would not put one of the PI clones online without knowing what it can see on my local network /environment and keeping a close eye on what is going out the door.

  • KA7UKA7U

    All KiwiSDR connection attempts appear legit in the recent user.log. Hopefully it stays that way.

    Ron - KA7U

  • bensonbenson
    edited April 2021

    Also encountered frequent and relentless connection attempts from Alibaba ip addresses, however in the SE Asia region these traced back to Singapore servers and so I have blocked large swaths of their addresses. Seems whoever is mainly interested in listening in on HF ATC MWRA frequencies. These same frequencies also are often attempted to connect from mainland CN servers.

    Regards, Ben

  • PowernumptyPowernumpty

    Thanks for the replies, it must be personal...

    Ben, I do have an enourmous amount of that area blocked, partly as an import from a work server that was just continually targeted.

    It might be that my IP was added to some script and they have forgotten about it but yesterday it did seem to move focus on the higher port of a PI/Kiwi I'd just fired up so not sure what they are sniffing or what gets sent out on boot.

    Luckily today I've messed up the VLAN (or the SDR networking port has failed) so I can't get to anything let alone those in Hong Kong/China.

    Stu

  • colin99colin99

    I am seeing this as well -- relentless Asian IP's dropping on 10054 khz USB over and over again - kick them, they reappear minutes later -- is this a BOT or a Human or a port scanner or?


    Would someone post their BLOCK IP list and I will add this to mine?

  • bensonbenson

    Hi Colin99,

    Please check your pm for the blacklist i am currently using.

  • PowernumptyPowernumpty

    A selection of today's Port Scans, lot of Vultr.com in there

    47.242.240.98
8.210.215.228
47.242.111.208
47.242.39.3
47.242.82.172
47.242.240.167
47.242.108.221
158.247.199.241
155.138.139.35
207.246.99.253
149.28.92.8
209.250.251.56


Sign In or Register to comment.