Wednesday, March 22, 2006
Once more into the tarpit
It's been a while since I last reported on the Labrea Tarpit we're running. In the almost two months since I've mentioned it, it's just been sitting on a shelf, tarpitting away. As I reported back then, it seems that it's more effective at telling us what's attacking us (IP address) and where (port number) than actually slowing down the attacks.
Yesterday, Dan the Network Engineer asked if he could get regular reports
of what IP addresses are
hitting us hard. So I modified ltpstat to generate the requested information
(I'm not bothering to mask the offending IP addresses):
| IP Address | Number of “connections” |
|---|---|
| 81.248.42.133 | 7207 |
| 160.79.143.98 | 846 |
| 59.21.72.1 | 691 |
| 216.48.7.19 | 552 |
| 82.76.161.38 | 487 |
| 217.132.178.97 | 484 |
| 193.15.92.167 | 421 |
| 66.131.62.208 | 370 |
| 64.182.81.74 | 329 |
| 216.82.220.172 | 323 |
I also had it generate a list of ports being attacked. Again, nothing surprising here:
| Port # | Port description | # connections |
|---|---|---|
| Port # | Port description | # connections |
| 4899 | Remote Administration | 8,892 |
| 139 | NetBIOS Session Service | 5,081 |
| 1433 | Microsoft SQL Server | 1,644 |
| 135 | Microsoft-RPC service | 1,071 |
| 445 | Microsoft-DS Service | 914 |
| 80 | Hypertext Transfer Protocol | 850 |
(Just a note—I was able to generate this data from the existing reports that ltpstat generated, but pulling just this information out of said reports required at least three processes per report. It was just as easy to have just the information required for this to be generated by ltpstat itself)
Dan the Network Engineer is planning on taking these reports and automatically blocking the offending IP addresses from scanning our network. Should be a pretty sweet setup once it gets going.
Two Pictures from The Data Center at The Company
![[Look! Blinken lights!]](/2006/03/22/rack1.jpg "Look! Blinken lights!")
Two more photos, this time from the Data Center.
![[Yeah, the color balance is off. It's a camera phone!]](/2006/03/22/rack2.jpg "Yeah, the color balance is off. It's a camera phone!")
Can you tell I really like this panoramic feature of the phone camera?
I also decided to add this vertical panoramic shot I took to the sidebar there to the right. Just because.
![[The future's so bright, I gotta wear shades]](https://www.conman.org/people/spc/about/2023/1023.t.jpg "The future's so bright, I gotta wear shades")