
Improper blocking on RDP port

Posted: 10 Feb 2023, 15:53
by tiagobarros
Hello!
I am having many blocks on port 38950 (RDP).
The IP (177.206.81.190) is trusted, but it is dynamic.
What can be done to solve this blocking?


7695 Feb 10 07:53:18 node113498-nginx lfd[18733]: *Port Scan* detected from 177.206.81.190 (BR/Brazil/177.206.81.190.dynamic.adsl.gvt.net.br). 11 hits in the last 175 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]

Feb 10 07:51:26 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31127 DF PROTO=TCP SPT=62111 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:51:26 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=62.168.232.168 DST=200.123.123.123 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=27425 DF PROTO=TCP SPT=54743 DPT=38950 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Feb 10 07:51:27 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31128 DF PROTO=TCP SPT=62111 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:51:29 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31129 DF PROTO=TCP SPT=62111 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:51:29 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=62.168.232.168 DST=200.123.123.123 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=27426 DF PROTO=TCP SPT=54743 DPT=38950 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Feb 10 07:51:33 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31130 DF PROTO=TCP SPT=62111 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:51:35 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=62.168.232.168 DST=200.123.123.123 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=27427 DF PROTO=TCP SPT=54743 DPT=38950 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 10 07:51:39 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=80.66.88.251 DST=200.123.123.123 LEN=52 TOS=0x02 PREC=0x00 TTL=119 ID=15436 DF PROTO=TCP SPT=58934 DPT=38950 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Feb 10 07:51:41 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31131 DF PROTO=TCP SPT=62111 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:51:42 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=80.66.88.251 DST=200.123.123.123 LEN=52 TOS=0x02 PREC=0x00 TTL=119 ID=15473 DF PROTO=TCP SPT=58934 DPT=38950 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Feb 10 07:51:43 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=138.99.216.76 DST=200.123.123.123 LEN=52 TOS=0x02 PREC=0x00 TTL=119 ID=6151 DF PROTO=TCP SPT=12279 DPT=38950 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Feb 10 07:51:46 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=138.99.216.76 DST=200.123.123.123 LEN=52 TOS=0x02 PREC=0x00 TTL=119 ID=6188 DF PROTO=TCP SPT=12279 DPT=38950 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Feb 10 07:51:46 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=167.248.133.167 DST=200.123.123.123 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28567 PROTO=TCP SPT=11896 DPT=49682 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 10 07:52:12 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31132 DF PROTO=TCP SPT=22219 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:52:13 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31133 DF PROTO=TCP SPT=22219 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:52:15 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31134 DF PROTO=TCP SPT=22219 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:52:19 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31135 DF PROTO=TCP SPT=22219 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:52:19 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=167.94.138.110 DST=200.123.123.123 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=39678 PROTO=TCP SPT=44077 DPT=30005 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 10 07:52:27 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31136 DF PROTO=TCP SPT=22219 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 10 07:52:42 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=79.124.62.130 DST=200.123.123.123 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=22293 PROTO=TCP SPT=51864 DPT=50219 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 10 07:52:44 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=64.62.197.161 DST=200.123.123.123 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56001 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 10 07:52:44 node113498-nginx kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=119.74.229.108 DST=200.123.123.123 LEN=164 TOS=0x00 PREC=0x00 TTL=105 ID=7335 PROTO=UDP SPT=65408 DPT=63567 LEN=144
Feb 10 07:52:59 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=205.210.31.137 DST=200.123.123.123 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=53253 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 10 07:53:13 node113498-nginx kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=154.89.5.68 DST=200.123.123.123 LEN=28 TOS=0x00 PREC=0x00 TTL=239 ID=35641 PROTO=UDP SPT=58914 DPT=888 LEN=8
Feb 10 07:53:17 node113498-nginx kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=177.206.81.190 DST=200.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31137 DF PROTO=TCP SPT=13246 DPT=38950 WINDOW=64240 RES=0x00 SYN URGP=0
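
Added example (not part of the original post, and not CSF's own code): a triage script that counts blocked-packet kernel lines per source, as the lfd *Port Scan* alert above does, and separates a client retrying one closed port from a source probing many ports. The threshold of 10 hits in 300 seconds and the source 203.0.113.7 are assumptions; the sample lines are constructed from the log in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

def make_line(t, src, dpt):
    # Mirrors the field layout of the kernel lines in the post (abbreviated).
    return (f"Feb 10 {t} node kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= "
            f"SRC={src} DST=200.123.123.123 LEN=52 PROTO=TCP SPT=62111 DPT={dpt} SYN URGP=0")

# Constructed sample. Timestamps for 177.206.81.190 and 62.168.232.168 follow the post;
# 203.0.113.7 is an invented multi-port source added for contrast.
TRUSTED = "07:51:26 07:51:27 07:51:29 07:51:33 07:51:41 07:52:12 07:52:13 07:52:15 07:52:19 07:52:27 07:53:17"
SAMPLE = "\n".join(
    [make_line(t, "177.206.81.190", 38950) for t in TRUSTED.split()]
    + [make_line(t, "62.168.232.168", 38950) for t in ("07:51:26", "07:51:29", "07:51:35")]
    + [make_line(f"07:52:{10 + i}", "203.0.113.7", 8000 + i) for i in range(11)]
)

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*?Firewall: \*\w+_IN Blocked\* .*?SRC=(\S+) .*?DPT=(\d+)")

def triage(log_text, limit=10, interval=300, year=2023):
    """Return {src: (max hits in any `interval`-second window, sorted ports, verdict)}."""
    seen = defaultdict(lambda: ([], set()))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a firewall block line
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        times, ports = seen[m.group(2)]
        times.append(stamp)
        ports.add(int(m.group(3)))
    report = {}
    for src, (times, ports) in seen.items():
        times.sort()
        worst = start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > interval:
                start += 1
            worst = max(worst, end - start + 1)
        if worst <= limit:  # assumed rule: alert only when hits exceed the limit
            verdict = "below limit"
        elif len(ports) == 1:
            verdict = "single-port retries"
        else:
            verdict = "multi-port probing"
        report[src] = (worst, sorted(ports), verdict)
    return report

if __name__ == "__main__":
    for src, row in triage(SAMPLE).items():
        print(src, *row)
```

On the sample, 177.206.81.190 reaches 11 hits, all to port 38950, which is the pattern of a client whose connection attempts are being dropped rather than a sweep across ports.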