Michael J. Pawlowsky wrote:
But the stuff coming from China.... Forget it.
I get attacks like these just about every other day. I maintain servers for several networks... And there always seems to be one of them somewhere that is getting probed.
Yeah, the question is whether this is just a random scan or someone actually targeting the machine for some reason. There is a ton of scanning going on nowadays, it's very common. When a new root vulnerability surfaces, there are usually scripts written pretty soon after that scan large netblocks looking for any machine that is vulnerable.
In terms of what you can do, block the address(es) by all means. And make sure to stay up to date on the available patches/upgrades. The vast majority of root compromises happen by way of known vulnerabilities. Also, don't run services you don't need to, and use iptables to restrict access as much as possible for any you do need.
Rich