ZNC, the bouncer on one of my VPSes, has been having frequent connection problems lately. Out of curiosity I checked its firewall log tonight, and it turned out there were a great many port-scanning attempts against the VPS.
Fortunately none of them has found a port that is open in ufw yet, for example the one for SSH connections; most are still hitting random ports. But put simply, if there are many requests per second, it will certainly add a fair amount of load.
[783995.607315] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=46.17.102.98 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=14098 PROTO=TCP SPT=50671 DPT=8824 WINDOW=1024 RES=0x00 SYN URGP=0
[783998.328900] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=45.155.205.149 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=1159 PROTO=TCP SPT=8080 DPT=55220 WINDOW=1024 RES=0x00 SYN URGP=0
[784018.482379] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=46.17.102.98 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=17842 PROTO=TCP SPT=50671 DPT=24 WINDOW=1024 RES=0x00 SYN URGP=0
[784035.105901] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=144.202.22.19 DST=103.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=42084 DF PROTO=TCP SPT=39890 DPT=21721 WINDOW=64240 RES=0x00 SYN URGP=0
[784080.864878] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=167.99.109.231 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=8516 PROTO=TCP SPT=44806 DPT=5959 WINDOW=1024 RES=0x00 SYN URGP=0
[784083.782521] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=103.145.13.248 DST=103.xxx.xxx.xxx LEN=445 TOS=0x00 PREC=0x00 TTL=44 ID=18173 DF PROTO=UDP SPT=5205 DPT=65466 LEN=425
[784124.213704] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=209.160.40.13 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=32804 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0
[784128.153624] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=46.17.102.98 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=5877 PROTO=TCP SPT=50671 DPT=9039 WINDOW=1024 RES=0x00 SYN URGP=0
[784139.051131] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=117.51.136.136 DST=103.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=58319 DF PROTO=TCP SPT=59362 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0
[784162.943299] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=46.17.102.98 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=58417 PROTO=TCP SPT=50671 DPT=8666 WINDOW=1024 RES=0x00 SYN URGP=0
[784175.192691] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=103.140.251.193 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=17476 PROTO=TCP SPT=45140 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
[784201.287969] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=193.228.193.179 DST=103.xxx.xxx.xxx LEN=32 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=UDP SPT=35493 DPT=37810 LEN=12
[784225.414454] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=46.17.102.98 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=21438 PROTO=TCP SPT=50671 DPT=9219 WINDOW=1024 RES=0x00 SYN URGP=0
[784278.905566] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=46.17.102.98 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=23734 PROTO=TCP SPT=50671 DPT=6565 WINDOW=1024 RES=0x00 SYN URGP=0
[784279.057577] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=175.47.247.161 DST=103.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4305 DF PROTO=TCP SPT=44964 DPT=6379 WINDOW=42340 RES=0x00 SYN URGP=0
[784289.639748] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=46.17.102.98 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=7698 PROTO=TCP SPT=50671 DPT=2598 WINDOW=1024 RES=0x00 SYN URGP=0
[784320.947342] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=89.248.165.203 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=48844 PROTO=TCP SPT=49357 DPT=40561 WINDOW=1024 RES=0x00 SYN URGP=0
[784325.090754] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:d5:73:0b:50:xx SRC=192.241.200.148 DST=103.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51885 DPT=9200 WINDOW=65535 RES=0x00 SYN URGP=0
It is like someone coming to your house, then trying to knock on one window, then two windows, then every window in turn. Of course it would be unnerving :))
Next, suppose they do find the SSH port: they will still be stopped by public key verification, so there is no need to waste effort on trial and error to get in :))
And if a login did succeed, the VPS would send an email confirming the successful login from that IP, so there would still be time to shut the VPS down from the panel :))
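The "one visitor knocking on every window" pattern can be pulled out of a UFW log by grouping blocked packets per source address and counting the distinct destination ports each one tried. The Python below is an added example, not part of the original post; the sample lines are constructed (trimmed fields, documentation addresses), and the function names and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the log excerpt (trimmed fields,
# RFC 5737 documentation addresses); not taken from the original log.
SAMPLE_LOG = """\
[100.10] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=44 TTL=240 PROTO=TCP SPT=50671 DPT=8824 WINDOW=1024 SYN
[101.20] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=47 PROTO=TCP SPT=39890 DPT=6379 WINDOW=64240 SYN
[123.30] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=44 TTL=240 PROTO=TCP SPT=50671 DPT=24 WINDOW=1024 SYN
[150.40] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=445 TTL=44 PROTO=UDP SPT=5205 DPT=65466 LEN=425
[233.50] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=44 TTL=240 PROTO=TCP SPT=50671 DPT=9039 WINDOW=1024 SYN
[240.60] [UFW AUDIT] IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=50671 DPT=22
not a firewall line
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags (SYN, DF) are ignored
ENTRY = re.compile(r"\[\s*(\d+\.\d+)\] \[UFW BLOCK\] (.*)$")

def parse_blocks(text):
    """Yield (uptime_seconds, fields) for each [UFW BLOCK] line; skip the rest."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(m.group(2)))
        if "SRC" in fields and fields.get("DPT", "").isdigit():
            yield float(m.group(1)), fields

def port_sweepers(text, min_ports=3):
    """Return {src: report} for sources blocked on >= min_ports distinct ports."""
    seen = defaultdict(lambda: {"ports": set(), "sports": set(), "times": []})
    for ts, f in parse_blocks(text):
        rec = seen[f["SRC"]]
        rec["ports"].add(int(f["DPT"]))
        rec["sports"].add(f.get("SPT"))
        rec["times"].append(ts)
    report = {}
    for src, rec in seen.items():
        if len(rec["ports"]) >= min_ports:
            report[src] = {
                "ports": sorted(rec["ports"]),
                "fixed_source_port": len(rec["sports"]) == 1,
                "span_seconds": round(max(rec["times"]) - min(rec["times"]), 2),
            }
    return report

if __name__ == "__main__":
    for src, r in port_sweepers(SAMPLE_LOG).items():
        print(src, r)
```

The `fixed_source_port` flag marks a source that reuses a single source port for every probe, which is what 46.17.102.98 does with SPT=50671 in the excerpt.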