The NOC raptor has updated our drop list, adding a handful of ASNs and network ranges to the table. We have been seeing a lot of website-related scanning and some attempts. Probably should look into getting Fail2Ban running on the web server at some point in the future.
Category: Network
Posts dealing with changes to how we route packets and configure our network.
All of the routers on our primary server have been updated and it appears that nothing goofed up 🙂
I am catching up on updates to our routers, along with some service VMs, and then will start making my way across the network updating everything else. Some services might appear offline momentarily as VMs reboot after each update.
Updates Completed On:
- Routers
  - kc.mo.us.routed
  - kc.mo.us.catos
  - kc.mo.us.ikus
  - kc.mo.us.nardoragon
  - kc.mo.us.ipv6
- VMs
  - Games-3P
  - NS1
  - NS2
  - Web
  - Mail
- Malware RPZ Zone
  - Two updates back to back because some more malware domains showed up this morning in the logs. Rewrite all the things to NXDOMAIN...
It seems our caching service, combined with our temporary anti-VPN stance over the ongoing issue with a specific individual, caused the caching service to pick up the VPN block page and display it as our homepage. I let the NOC know what appears to be happening and they should be working on this shortly. Sorry for the oops.
