Bad protocol version identification login failure, where are they coming from?

Status
Not open for further replies.
Joined
Nov 3, 2015
Messages
2
This is the security output my question relates to.

freenas.[redacted].[redacted] login failures:
[date] [time] freenas sshd[50671]: Bad protocol version identification 'GET http://www.baidu.com/ HTTP/1.1' from 183.60.48.25

-- End of security output --

I am running the latest stable version of 9 that I updated to yesterday and continue to get these security messages.

Previously, when I was a newbie, I had SSH open for a brief period, although on a non-standard port, with root logins enabled. I then turned off root logins and set up SSH keys. Since then I turned off port forwarding altogether for SSH and set up OpenVPN in a jail instead. Over the past month or two I have been regularly seeing this (I should have done something about it sooner).

As a test I have turned off all port forwardings on my router and this message continues to appear. The IP 183.60.48.25 is from China but I have no idea how it's hitting my server as all port forwardings are turned off.

The whois output is from China so it certainly looks dodgy. But equally it looks like a GET request reaching my FreeNAS SSH port, and I have no idea how.

Anyone got any idea how screwed I might be or how it may be getting through?

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '183.0.0.0 - 183.63.255.255'

inetnum: 183.0.0.0 - 183.63.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: IC83-AP
tech-c: IC83-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: To report network abuse, please contact the IRT
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: For assistance, please contact the APNIC Helpdesk
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GD
source: APNIC
mnt-irt: IRT-CHINANET-CN
changed: hm-changed@apnic.net 20091009

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: anti-spam@ns.chinanet.cn.net
abuse-mailbox: anti-spam@ns.chinanet.cn.net
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
mnt-by: MAINT-CHINANET
changed: anti-spam@ns.chinanet.cn.net 20101115
source: APNIC

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: gdnoc_HLWI@189.cn
address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU
phone: +86-20-87189274
fax-no: +86-20-87189274
country: CN
changed: ipadm@189.cn 20110418
changed: zhengzm@gsta.com 20140922
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn
abuse-mailbox: antispam_gdnoc@189.cn
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)
 
dlavigne

Guest
Something is wrong in your network. Perhaps a misconfigured firewall or another system with a virus.
 
Joined
Nov 3, 2015
Messages
2
A misconfigured firewall I could understand, though it is a brand new out-of-the-box Virgin Superhub 2 which I have reset to defaults.
Another system with a virus is a lot less likely, as it continued to happen while I was away and all other devices in the house were off. Also, why would FreeNAS be reporting an external IP if it were coming internally? Is there any way this could be showing this way?
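
Added example, not part of any post in this thread and not FreeNAS or OpenSSH code: a Python function that triages sshd lines like the one quoted in the first post, reporting whether the rejected first line was an HTTP request (and whether it was in the absolute-URI form a client sends to a proxy) and whether the address sshd logged is private or public. The names `classify` and `SAMPLE`, the timestamps and the two 192.168.0.10 lines are assumptions made for illustration.

```python
import ipaddress
import re

# sshd writes this when a client's first line is not an "SSH-" banner.
# Newer OpenSSH releases append "port N" after the address.
BAD_IDENT = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification "
    r"'(?P<ident>.*)' from (?P<src>\S+)(?: port \d+)?\s*$"
)
# An HTTP request line. An absolute-URI target (or CONNECT) is the form a
# client sends to a forward proxy rather than to an origin web server.
HTTP_REQ = re.compile(
    r"^(?P<method>GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) (?P<target>\S+)"
)

# Constructed sample lines: the first reuses the message quoted in the thread
# with a made-up timestamp, the others are invented for contrast.
SAMPLE = [
    "Nov  3 03:12:44 freenas sshd[50671]: Bad protocol version identification "
    "'GET http://www.baidu.com/ HTTP/1.1' from 183.60.48.25",
    "Nov  3 03:15:01 freenas sshd[50702]: Bad protocol version identification "
    "'GET / HTTP/1.1' from 192.168.0.10 port 51514",
    "Nov  3 03:16:09 freenas sshd[50710]: Accepted publickey for admin "
    "from 192.168.0.10 port 51520 ssh2",
]


def classify(line):
    """Describe one 'Bad protocol version identification' line, else None."""
    m = BAD_IDENT.search(line)
    if m is None:
        return None
    req = HTTP_REQ.match(m.group("ident"))
    if req is None:
        kind = "not-http"
    elif req.group("method") == "CONNECT" or "://" in req.group("target"):
        kind = "http-proxy-request"
    else:
        kind = "http-request"
    try:
        addr = ipaddress.ip_address(m.group("src"))
        scope = "private" if addr.is_private else "public"
    except ValueError:  # the logged source was not a literal IP address
        scope = "unknown"
    return {"src": m.group("src"), "kind": kind, "scope": scope}


if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

The address in the log line is the peer address of the TCP connection as sshd saw it, so a "public" result means the connection arrived with that source address intact.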
 