After several spam comments, I get another port scanning activity from China IP.
Add them to your blocked lists.
Time:Â Â Wed Mar 30 18:13:01 2011 +0700
IP:Â Â Â 183.25.23.253 (CN/China/-)
Hits:Â Â 11
Blocked: Temporary Block
Sample of block hits:
Mar 30 18:10:43 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=21591 DF PROTO=TCP SPT=2356 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:10:49 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=32534 DF PROTO=TCP SPT=2356 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:01 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=49023 DF PROTO=TCP SPT=3285 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:04 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=52883 DF PROTO=TCP SPT=3285 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:10 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=62635 DF PROTO=TCP SPT=3285 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:22 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=642 DF PROTO=TCP SPT=4005 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 30 18:11:25 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.25.23.253 DST=174.138.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=1380 DF PROTO=TCP SPT=4005 DPT=2011 WINDOW=65535 RES=0x00 SYN URGP=0
Article Source : http://blog.erawanarifnugroho.com/2011/03/30/port-scanning-from-china.html