[EAS] [BC] EAS Zombie Attack
Alex Hartman
goober at goobe.net
Tue Feb 12 18:05:52 CST 2013
Good advice, and yes, being on a college campus, I see tons of zombie
machines (no pun intended) trying to brute force into various devices
on my LAN at the station. The campus IT staff would normally VLAN us
away from the rest, but we do events on campus that use IP gear, so
it'd shoot us in the foot. (Apparently the Cisco guy on campus doesn't
know what he's doing most of the time.)

I get so many port scans of various items on a daily basis it's hard
to wade through all the logs at times. My web stream PC generates
around 10Gb of logs a month. Once parsed out for valid traffic, it's
down to 2Mb, the rest is port scans, failed attempts (and subsequent
automatic firewall rules being generated), and 404 errors for
robots.txt.

Unfortunately for a machine "forward facing" on 3 ports only (web,
8000 and my ssh port) it still manages this many "attacks".

I can only imagine what some other gear is getting. The network guys
say that around 3-4Mbit constantly is just bots and zombies looking
around, along with the campus spider looking for unregistered stuff
and sniffing for anti-virus installs. (Somehow they can detect when a
PC does not have it, and they shut down the port automatically.)
--
Alex Hartman