cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

brute force attempts?

suma
Just Moved In

I am experiencing  approx 20 Firewall info logs per day of ips being blocked by my firewall. A Whois search shows that the are ips originating in China and are coming through the Kamloops server. I guess the questions are "does Telus monitor for brute force attempts through their servers?   can they blacklist or otherwise block known troublesome ips? what further steps can an end user take to ensure firewall integrity?"

1 ACCEPTED SOLUTION

suma
Just Moved In

thanks for the response Nasty. This would be the telus gateway firewall log.So the next question for me would be "how do I spell paranoia?" hahaha. Just not used to seeing src ips from Shanghai. Below is a screenshot of todays log. 101.227...etc is shanghai, 79.1...etc is Rome Italy 218.208...etc is kuala lumpur. Thanks again.Screenshot - 05232014 - 04:30:32 PM.png

View solution in original post

2 REPLIES 2

nasty
Rockstar

Is this a business standalone firewall product?

Or just the Telus Gateway firewall logs?

 

A brute force attempt would be more like hundreds of hits per hour trying to find a hole(open ports to an internal machine/server).

 

The Telus Gateway firewall log will have a description of what protocol/port pinged the Gateway.

 

If I were to ping any random IP address on the Internet, it will show up in that users firewall logs.

 

If my IP was to change and I got an IP address from someone who did filesharing(P2P), for a short time I would get connection requests from other P2P users, until their P2P directory changes.

 

 

suma
Just Moved In

thanks for the response Nasty. This would be the telus gateway firewall log.So the next question for me would be "how do I spell paranoia?" hahaha. Just not used to seeing src ips from Shanghai. Below is a screenshot of todays log. 101.227...etc is shanghai, 79.1...etc is Rome Italy 218.208...etc is kuala lumpur. Thanks again.Screenshot - 05232014 - 04:30:32 PM.png