My kiwi is offline due to repeated attacks.
During the night my kiwi suffered further attacks, as John S. communicated to me when explaining why I am no longer online. I cannot understand why the attacks have affected only my system, or the purpose of these attacks. If someone is able to give me explanations, even in private, I will be grateful. As useful information for all, this is the last attack of tonight:
Sun Dec 26 01:08:03 00:19:43.470 0... 0 L ### SECURITY: NO AUTH YET: W/F W/F 23.251.144.77 48928 <0.98452681640793390.98452681640793390.98452681640793390.98452681>
Sun Dec 26 01:08:04 00:19:43.541 .... CONN: 127.0.0.1 X-Real-IP 23.251.144.77
Sun Dec 26 01:08:04 00:19:43.542 .... CONN: 127.0.0.1 X-Forwarded-For 23.251.144.77
From the reverse IP lookup and whois, the IP is registered to:
23.251.144.77 Google LLC (AS15169) // 77.144.251.23.bc.googleusercontent.com
Registrar MarkMonitor, Inc. MarkMonitor Inc.
IANA ID: 292
URL: http://www.markmonitor.com
Whois Server: whois.markmonitor.com
(p) 12083895770
Domain Name: googleusercontent.com
Registry Domain ID: 1528918319_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2021-10-16T09:39:12+00:00
Creation Date: 2008-11-17T15:58:29+00:00
Registrar Registration Expiration Date: 2022-11-17T00:00:00+00:00
So I'll tell you in case it's useful.
Good day
Fabrys
Comments
I have also detected attacks from this IP, and also from 104.154.194.205 and 104.198.41.0; they are all Google addresses.
If it helps, I have updated my blacklist with:
39.96.0.0/12 47.240.0.0/14 110.87.0.0/16 117.30.0.0/16 118.143.0.0/16 138.19.0.0/16 149.129.0.0/16 161.117.0.0/16 162.211.0.0/16 173.255.0.0/16 185.237.0.0/16 193.38.0.0/16 38.143.0.0/16 47.74.0.0/16 52.79.0.0/16 92.38.0.0/16 95.179.0.0/16 1.160.0.0/16 1.124.107.0/24 185.220.101.0/24 27.154.20.0/24 27.154.22.0/24 38.106.20.0/24 45.63.114.0/24 46.165.245.0/24 47.89.250.0/24 47.88.219.0/24 54.180.1.0/24 83.8.190.0/24 94.190.209.0/24 69.251.12.0/24 103.25.202.23/32 139.99.219.160/32 180.242.213.14/32 210.152.84.111/32 92.118.45.78/32 34.64.0.0/10 34.128.0.0/10 35.184.0.0/13 35.192.0.0/12 35.240.0.0/13 35.224.0.0/12 35.208.0.0/12 23.251.128.0/19 104.154.0.0/15 104.196.0.0/14
fabio
...I would like to know what fucking problem they have with my kiwi [I'm writing directly in Italian so I can express all my disappointment]
ahahah... I don't think they have a problem with you; these attacks are surely being made against all the public KiwiSDRs they find
...I'm not entirely sure about that. John S. wrote to me this morning, telling me that he had taken me off the reverse proxy network because the last attack I suffered, the one above, [only me] crashed the whole proxy network, and he had to disconnect me to bring all of you back online.
then the matter is more complex than I imagined...
I believe that too
[let's go back to writing in English for everyone else]
The reason, I would like to know only the reason, considering that my kiwi is freely accessible and I don't remember having created problems for anyone.
Maybe if I had some more explanation from those familiar with these kinds of attacks, I could get an idea.
Fabrys,
for just the same reason, for now I serve on ports 8074, 8075 and 8076 only,
73, Jukka
When they put me online again, maybe I will change the port too, if it is not a complicated thing to do.
But it still remains to understand the reason for these continuous attacks: what is the real reason?
Fabrys
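Added example, not part of the thread or of the KiwiSDR code: one way to check the client addresses in log lines like those in the first post against a blocklist like the one posted in the comments. The line patterns are inferred from the three log lines quoted in the first post, and `client_ips`, `covering_entry` and `report` are names made up for this example.

```python
import ipaddress
import re

# Sample lines in the format shown in the first post (<...> token shortened).
SAMPLE_LOG = """\
Sun Dec 26 01:08:03 00:19:43.470 0... 0 L ### SECURITY: NO AUTH YET: W/F W/F 23.251.144.77 48928 <0.98452681>
Sun Dec 26 01:08:04 00:19:43.541 .... CONN: 127.0.0.1 X-Real-IP 23.251.144.77
Sun Dec 26 01:08:04 00:19:43.542 .... CONN: 127.0.0.1 X-Forwarded-For 23.251.144.77
"""

# The last ten entries of the blacklist posted in the comments.
BLOCKLIST = [ipaddress.ip_network(n) for n in (
    "34.64.0.0/10 34.128.0.0/10 35.184.0.0/13 35.192.0.0/12 35.240.0.0/13 "
    "35.224.0.0/12 35.208.0.0/12 23.251.128.0/19 104.154.0.0/15 104.196.0.0/14"
).split()]

# "NO AUTH YET: <type> <type> <client ip> <port>"
NO_AUTH = re.compile(r"SECURITY: NO AUTH YET: .*?(\d+\.\d+\.\d+\.\d+) \d+")
# "CONN: <socket peer> <header name> <header value>"
PROXIED = re.compile(r"CONN: (\S+) (?:X-Real-IP|X-Forwarded-For) (.+)$")

def client_ips(log_text):
    """Yield the client address each relevant log line refers to."""
    for line in log_text.splitlines():
        if m := NO_AUTH.search(line):
            yield ipaddress.ip_address(m.group(1))
        elif m := PROXIED.search(line):
            peer = ipaddress.ip_address(m.group(1))
            if peer.is_loopback:
                # Header written by the local proxy. Assumption: if the value is
                # a comma-separated chain, the last entry is the one it appended.
                yield ipaddress.ip_address(m.group(2).split(",")[-1].strip())
            else:
                # A remote peer controls its own headers, so use the peer itself.
                yield peer

def covering_entry(ip):
    """Return the most specific blocklist network containing ip, or None."""
    hits = [net for net in BLOCKLIST if ip in net]
    return max(hits, key=lambda net: net.prefixlen, default=None)

def report(log_text):
    """Map each distinct client address to its covering entry (or None)."""
    pairs = ((ip, covering_entry(ip)) for ip in client_ips(log_text))
    return {str(ip): str(net) if net is not None else None for ip, net in pairs}

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Behind a reverse proxy the socket peer is always 127.0.0.1, so a blocklist applied to the peer address alone never matches; the forwarded address is what has to be compared.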