How’s your stuff doing? Unplanned interruptions or achieving uptime records?

I’m currently sailing rather smoothly. Most of my stuff is migrated to Komodo, there will stay some exceptions, and I only have to migrate Lemmy itself, I think. Of course that’s when I found a potential replacement, but I’ll let it sit for a while before touching it again. Enjoying the occasional Merge Request notification from the Renovate Bot and knowing my stuff is mostly up to date.

I’m thinking about setting up some kind of Wiki for my other niche hobby (Netrunner LCG) lore, as there’s a fandom one that most people avoid touching and updating, but since I likely won’t have time to start writing some articles on my own as a kickoff, I’m hesitant. Also not sure which wiki I’d choose as well.

  • irmadlad@lemmy.world

    Everything here is smooth sailing. I have been trying to track down a bothersome Suricata entry.

    
    202.136.163.11 PROTOCOL-ICMP destination unreachable port unreachable packet detected
    202.136.163.11 PROTOCOL-ICMP destination unreachable port unreachable packet detected
    202.136.163.11 PROTOCOL-ICMP destination unreachable port unreachable packet detected
    202.136.163.11 PROTOCOL-ICMP destination unreachable port unreachable packet detected
    

    ad nauseam. There are three individual IPs. One from Singapore, one from China and one from Romania. They are being blocked, so that’s good. Thing is, these are from relatively ‘clean’ sources:

    120.132.37.195 was not found in our database

    202.136.163.11 was found in our database! This IP was reported 5 times. Confidence of Abuse is 0%:

    On the server side, I have nothing calling out to these IPs. That’s what was really bugging me. Nothing server side, just these three bothersome IPs hammering Suricata. Generally, I would dismiss as benign and part of normal UDP behavior. However, it’s the constant hammering that makes me suspicious. Could be high volume port scanning. However, it could also be known attack campaigns like UDP amplification attempts.

    Other than that, I might find something to get into today.
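
An added example, not part of the comment above: an ICMP port-unreachable message (type 3, code 3) quotes the IP header and first 8 bytes of the datagram it is complaining about, so parsing that quote shows which outbound packet the sender claims this server sent. The server address, ports and sample packet are constructed, and the ICMP bytes are assumed to come from a packet capture.

```python
import socket
import struct

MY_IP = "192.0.2.10"          # constructed placeholder for the server's address
REMOTE_IP = "202.136.163.11"  # alert source quoted in the comment above

def build_sample(orig_src, orig_dst, sport, dport):
    """Constructed ICMP type 3/code 3 message quoting a UDP datagram."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(orig_src), socket.inet_aton(orig_dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp  # checksums left at 0

def parse_port_unreachable(icmp):
    """Return the quoted original datagram's fields, or None if not parseable."""
    if len(icmp) < 28 or (icmp[0], icmp[1]) != (3, 3):
        return None
    inner = icmp[8:]                      # quoted IP header + first 8 bytes
    ihl = (inner[0] & 0x0F) * 4           # quoted header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"proto": inner[9],
            "src": socket.inet_ntoa(inner[12:16]),
            "dst": socket.inet_ntoa(inner[16:20]),
            "sport": sport, "dport": dport}

def triage(icmp, my_ip):
    """Classify what the ICMP error claims about this host."""
    q = parse_port_unreachable(icmp)
    if q is None:
        return "unparseable"
    if q["src"] != my_ip:
        return "not-about-this-host"
    # The error claims this host sent the quoted datagram. Compare the ports
    # with local flow logs: no matching outbound flow points to backscatter
    # from traffic spoofing this address, or to a forged ICMP message.
    return "claims-outbound:%d->%s:%d" % (q["sport"], q["dst"], q["dport"])

if __name__ == "__main__":
    pkt = build_sample(MY_IP, REMOTE_IP, 40000, 53)
    print(parse_port_unreachable(pkt))
    print(triage(pkt, MY_IP))
```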