Unknown Devices on logs but not showing in UI

sdntech, a month ago

Hi All,

My server has been undergoing a DoS attack over the past 24 hours. A device from 8.211.162.45 (Alibaba Cloud) is attempting to connect maliciously. As shown in the logs, the device connects and then eventually disconnects, but there is no trace of this device in the user interface.

I would like to inquire whether we need all the ports in the 5000 range, or if there is a way to disable all 5000 range ports except for the one I use in my environment.

2024-12-25 11:08:50  INFO: [Ta02f9545] connected
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand < 127.0.0.1]
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand > 127.0.0.1] HTTP/1.1 400 Bad Request\r\ncontent-length: 0\r\n\r\n
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand < 127.0.0.1] POST / HTTP/1.1\r\nX-Forwarded-Proto: https\r\nUser-Agent: Go-http-client/1.1\r\nX-Forwarded-For: 8.211.162.45\r\nX-Forwarded-Port: 443\r\nX-Amzn-Trace-Id: Root=1-676be7c2-2931223d60c014006eb3bd9a\r\nContent-Type: application/dns-message\r\nVia: 1.1 ip-172-31-25-170\r\nX-Forwarded-For: 172.31.47.96\r\nX-Forwarded-Proto: http\r\nX-Forwarded-Host: 35.1xx.x.x\r\nX-Forwarded-Server: 172.31.25.170\r\nHost: localhost:5055\r\nContent-Length: 29\r\n\r\n
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand < 127.0.0.1] 90a101000001000000000000076578616d706c6503636f6d0000010001
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand > 127.0.0.1] HTTP/1.1 400 Bad Request\r\ncontent-length: 0\r\n\r\n
2024-12-25 11:09:20  INFO: [Ta02f9545] disconnected

Anton Tananaev, a month ago

You should disable ports that you don't use.
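Added example, not code from the thread or from the Traccar project: a small Python triage script for the kind of log excerpt posted above. It parses Traccar's per-session log lines, decodes the hex body the "device" sent (it is a DNS wire-format query wrapped in a DNS-over-HTTPS POST, which is why the OsmAnd decoder answers 400 Bad Request), and flags sessions that never produced a decodable request. Since nothing was decoded, no device identifier exists for the UI to show, so the absence of the device there is expected. The sample log is constructed: it reuses the lines from the post (headers shortened, the first request body omitted) and adds a made-up legitimate OsmAnd session (id 123456, peer 203.0.113.10) for contrast. Session IDs, the `analyse`/`suspects`/`decode_dns_question` names and the verdict labels are my own choices.

```python
import re
import struct
from collections import defaultdict

# Constructed sample log, modelled on the excerpt in the thread plus one made-up
# legitimate OsmAnd session. Traccar prints the CRLF of HTTP requests as the
# literal characters "\r\n", hence the raw string. Header lists are shortened.
SAMPLE_LOG = r"""
2024-12-25 11:08:50  INFO: [Ta02f9545] connected
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand < 127.0.0.1] POST / HTTP/1.1\r\nUser-Agent: Go-http-client/1.1\r\nX-Forwarded-For: 8.211.162.45\r\nContent-Type: application/dns-message\r\nX-Forwarded-For: 172.31.47.96\r\nHost: localhost:5055\r\nContent-Length: 29\r\n\r\n
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand < 127.0.0.1] 90a101000001000000000000076578616d706c6503636f6d0000010001
2024-12-25 11:08:50  INFO: [Ta02f9545: osmand > 127.0.0.1] HTTP/1.1 400 Bad Request\r\ncontent-length: 0\r\n\r\n
2024-12-25 11:09:20  INFO: [Ta02f9545] disconnected
2024-12-25 11:10:01  INFO: [T1a2b3c4d] connected
2024-12-25 11:10:01  INFO: [T1a2b3c4d: osmand < 203.0.113.10] GET /?id=123456&lat=52.52&lon=13.405&timestamp=1735125001 HTTP/1.1\r\nHost: example.invalid:5055\r\n\r\n
2024-12-25 11:10:01  INFO: [T1a2b3c4d: osmand > 203.0.113.10] HTTP/1.1 200 OK\r\ncontent-length: 0\r\n\r\n
2024-12-25 11:10:02  INFO: [T1a2b3c4d] disconnected
"""

# "[<session>] connected" or "[<session>: <protocol> </> <peer>] <payload>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+INFO: \[(?P<session>T[0-9a-f]+)"
    r"(?:: (?P<proto>\w+) (?P<dir>[<>]) (?P<peer>[^\]]+))?\] (?P<body>.*)$"
)
STATUS_RE = re.compile(r"^HTTP/1\.[01] (?P<code>\d{3})")
XFF_RE = re.compile(r"X-Forwarded-For: (?P<ip>[0-9A-Fa-f.:]+)")
CT_RE = re.compile(r"Content-Type: ([^\\]+)")   # value ends at the literal "\r"
HEX_RE = re.compile(r"^[0-9a-f]{24,}$")         # Traccar logs binary bodies as hex


def decode_dns_question(hexpayload):
    """Parse the question section of a DNS wire-format message (RFC 1035)."""
    data = bytes.fromhex(hexpayload)
    if len(data) < 12:
        return None
    txid, _flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            return None
        length, pos = data[pos], pos + 1
        if length == 0:
            break
        if length & 0xC0:          # compression pointer, never valid in a query name
            return None
        labels.append(data[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(data):
        return None
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    return {"id": txid, "name": ".".join(labels), "qtype": qtype, "qclass": qclass}


def classify(s):
    if s["requests"] == 0:
        return "no-request"
    if s["dns_queries"] or "application/dns-message" in s["content_types"]:
        return "doh-probe"       # a DNS-over-HTTPS query aimed at a tracker port
    if s["statuses"] and all(400 <= c < 600 for c in s["statuses"]):
        return "rejected"        # nothing decoded, so no device id reaches the UI
    return "ok"


def analyse(log_text):
    """Group log lines per connection and classify each connection."""
    sessions = defaultdict(lambda: {
        "protocol": None, "peer": None, "requests": 0, "statuses": [],
        "forwarded_for": [], "content_types": [], "dns_queries": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = sessions[m["session"]]
        if m["dir"] is None:             # connected / disconnected bookkeeping
            continue
        s["protocol"], s["peer"], body = m["proto"], m["peer"], m["body"]
        if m["dir"] == "<":              # inbound, from the client
            if body.startswith(("GET ", "POST ")):
                s["requests"] += 1
                s["forwarded_for"].extend(XFF_RE.findall(body))
                s["content_types"].extend(CT_RE.findall(body))
            elif HEX_RE.match(body):
                q = decode_dns_question(body)
                if q:
                    s["dns_queries"].append(q)
        else:                            # outbound, the server's reply
            st = STATUS_RE.match(body)
            if st:
                s["statuses"].append(int(st["code"]))
    for s in sessions.values():
        s["verdict"] = classify(s)
    return dict(sessions)


def suspects(sessions):
    """Flagged sessions with their address evidence. A loopback peer means the
    server sits behind a proxy; then X-Forwarded-For is the only client clue, and
    a client can forge it unless the proxy overwrites it, so confirm the address
    in the proxy's own access log before blocking it."""
    return [
        {"session": sid, "peer": s["peer"],
         "forwarded_for": s["forwarded_for"][0] if s["forwarded_for"] else None}
        for sid, s in sessions.items()
        if s["verdict"] in ("doh-probe", "rejected")
    ]


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for sid, s in result.items():
        print(sid, s["protocol"], s["verdict"], s["statuses"],
              s["forwarded_for"], [q["name"] for q in s["dns_queries"]])
    print("suspects:", suspects(result))
```

Run against a real tracker.log the script points you at the sessions that only ever draw 4xx replies and at the first-hop address behind them, which is what you need for a firewall rule. For the port question itself: listening only on the port you actually use is the right answer, whether through the host firewall (allow 5055, drop the rest of 5000-5999) or in traccar.xml; as I recall, the Traccar configuration reference has a `protocols.enable` entry taking a comma-separated list of protocols to start, but check the reference for your version before relying on it.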