Hi all,
I'm just taking a look through our Zabbix logs to see if there's anything our monitoring is missing and I've come across the following in zabbix_server.log.
Having checked out the IP addresses via whois and other tools, it seems that these IP addresses are Tor exit routers and all came within 10 seconds of each other.
Code:
1536041:20220317:205207.742 housekeeper [deleted 5830 hist/trends, 0 items/triggers, 0 events, 0 problems, 0 sessions, 0 alarms, 0 audit, 0 records in 0.205930 sec, idle for 1 hour(s)]
1536074:20220317:205828.781 Message from 185.220.101.51 is missing header. Message ignored.
1536076:20220317:205832.945 Message from 23.129.64.215 is missing header. Message ignored.
1536077:20220317:205836.593 Message from 45.154.255.147 is missing header. Message ignored.
1536076:20220317:205839.878 Message from 45.154.255.147 is missing header. Message ignored.
My guess is some script kiddie is scanning our Zabbix server and portscanning known Zabbix ports. I'm going to do more checking, but in the meantime has anyone else encountered this recently and have a more sensible suggestion than mine?
Regards,
D.
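One way to triage lines like these, as an added example that is not part of the original post: the Python sketch below pulls the "missing header" entries out of zabbix_server.log text and groups them into bursts by time gap, reporting the distinct source addresses per burst. The function names, the 10-second gap and the 3-event minimum are assumptions chosen for illustration; the sample input is the excerpt quoted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the log excerpt quoted in the post above.
SAMPLE_LOG = """\
1536041:20220317:205207.742 housekeeper [deleted 5830 hist/trends, 0 items/triggers, 0 events, 0 problems, 0 sessions, 0 alarms, 0 audit, 0 records in 0.205930 sec, idle for 1 hour(s)]
1536074:20220317:205828.781 Message from 185.220.101.51 is missing header. Message ignored.
1536076:20220317:205832.945 Message from 23.129.64.215 is missing header. Message ignored.
1536077:20220317:205836.593 Message from 45.154.255.147 is missing header. Message ignored.
1536076:20220317:205839.878 Message from 45.154.255.147 is missing header. Message ignored.
"""

# PID:YYYYMMDD:HHMMSS.mmm prefix, then the message text seen in the post.
LINE_RE = re.compile(
    r"^\d+:(\d{8}):(\d{6}\.\d{3}) Message from (\S+) is missing header\."
)

def parse_events(log_text):
    """Return sorted (timestamp, source_ip) pairs for 'missing header' lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{m[1]} {m[2]}", "%Y%m%d %H%M%S.%f")
            events.append((ts, m[3]))
    return sorted(events)

def find_bursts(events, max_gap=timedelta(seconds=10), min_events=3):
    """Group events whose consecutive gaps are <= max_gap (assumed threshold)."""
    bursts, current = [], []
    for ts, ip in events:
        if current and ts - current[-1][0] > max_gap:
            bursts.append(current)
            current = []
        current.append((ts, ip))
    if current:
        bursts.append(current)
    return [
        {"start": b[0][0], "end": b[-1][0], "count": len(b),
         "sources": sorted({ip for _, ip in b})}
        for b in bursts if len(b) >= min_events
    ]

if __name__ == "__main__":
    for burst in find_bursts(parse_events(SAMPLE_LOG)):
        print(burst)
```

A burst with several distinct sources in a few seconds, as in this excerpt, is worth correlating with firewall logs for the same window to see which ports were touched.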