I run a small, private e-mail system as part of a private cloud.
A port scan brings up a server from Soviet Russia attempting to attack port 25/tcp, despite having been blocked for WEEKS (the e-mail server auto-bans nodes for a YEAR).
I am also getting traffic from a compromised node in Tennessee, on port 5900/tcp.
Access to that service is limited to nodes within the VoiceStream GPRS network, since they are my ISP.
On the road, I simply connect my phone to my laptop—there should not be any reason as to why I would need to connect to unsecured Wi-Fi anyway.
(Current IP address: 208.54.86.228—belongs to T-Mobile USA, just as expected.)
I also get periodic attacks on the SSH and RDP ports, primarily from Red China.
This private cloud is hosted on ten-year-old hardware. Getting it secured wasn’t terribly hard, considering the age of the software.
The government, by law, is required to use the latest software, to protect against attacks of this nature, among other things.
If I can stop hackers at my door, while still using Windows Server 2000 (don’t laugh), why is the government unable to do the same (with the latest software and support), given that they have more than enough resources to do so?
They’ll say they are underfunded and just need more money.
Port 443 and a random numbered port are all I have open on all my servers. You should not have SSH on port 22; you should put it on a random port, and if someone hits 22, block them.
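The port-22 tripwire suggested in the comment above, sketched as an added example (not code from any commenter in this thread): it reads firewall log lines and lists the sources that touched the decoy port. The port number 48022, the allowlisted admin range, and the abridged iptables-style log lines are all assumptions constructed for the illustration.

```python
import ipaddress
import re

# Assumptions (not from the thread): real SSH listens on 48022, port 22 is a
# tripwire with nothing behind it, and the firewall writes iptables-style LOG lines.
TRIPWIRE_PORT = 22
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical admin range

# Constructed, abridged sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Jan 10 03:14:07 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Jan 10 03:14:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51240 DPT=22 SYN
Jan 10 03:15:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=48022 SYN
Jan 10 03:16:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40111 DPT=22 SYN
Jan 10 03:17:45 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=UDP SPT=5353 DPT=22
Jan 10 03:18:00 gw kernel: IN=eth0 OUT= SRC=999.1.1.1 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=1 DPT=22 SYN
"""

# Pull only the fields the decision needs; SPT= is deliberately not matched.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def tripwire_hits(log_text, port=TRIPWIRE_PORT, allow=ALLOWLIST):
    """Return {source_ip: hit_count} for TCP packets sent to the tripwire port."""
    hits = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue  # other protocols and other ports are not tripwire hits
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed source field: skip rather than ban garbage
        if any(src in net for net in allow):
            continue  # never ban the admin range, even if it touches the tripwire
        hits[str(src)] = hits.get(str(src), 0) + 1
    return hits


if __name__ == "__main__":
    for ip, count in sorted(tripwire_hits(SAMPLE_LOG).items()):
        print(f"ban {ip} ({count} hits on port {TRIPWIRE_PORT})")
```

The allowlist matters because a single SYN is enough to trigger the ban and source addresses on unsolicited SYNs can be forged, so an automatic block with no exemptions can be turned against the operator's own access.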
My husband’s computer has been getting login requests for our cloud server on port 5900 from an IP address in the Netherlands for weeks.
I think that the government must not want to secure its computers. Maybe it’s just using political hires who know nothing.