185.87.26.121. Ideal hosting in Turkey. By now I probably have several gigs of these port attacks after beginning my monitoring at 3:30 AM this and a 52 or 54.x.x.x. My machine is under attack, BUT when I hear the fans start up I input this:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
This generally works to cut out any foothold they may have gained. I am also behind a hotspot with added security, which really isn't all that helpful, but it's one step added for them to get through. Next step is a VPN, which I am reluctant to do but probably will.
I'm not even exaggerating about this server's assault on my ports; at this point it's probably tens of thousands of logs from the same IP. I think my hotspot and fire tab are compromised, as they are on the Murus firewall logs as blocked incoming. But it worked for a day to mitigate attacks, using my set-top box as a stage between my router in hotspot mode.
I also monitor every web session with tcpdump, opensnoop and tail syslogs. At this point Murus adaptive port blocking is up to 250 private dynamic ports.
11:06:51.264841 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805495142:3805496582, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.265301 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805496582:3805498022, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.265358 IP 192.168.43.208.58350 > 185.87.26.121.80: Flags [.], ack 3805498022, win 609, options [nop,nop,TS val 896006845 ecr 1918025634], length 0
11:06:51.269811 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805498022:3805499462, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.269819 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805499462:3805500902, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.269821 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805500902:3805502342, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.269823 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805502342:3805503782, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.269826 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805503782:3805505222, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
11:06:51.269828 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805505222:3805506662, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
11:06:51.269830 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805506662:3805508102, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
11:06:51.269928 IP 192.168.43.208.58350 > 185.87.26.121.80: Flags [.], ack 3805500902, win 519, options [nop,nop,TS val 896006849 ecr 1918025634], length 0
11:06:51.269960 IP 192.168.43.208.58350 > 185.87.26.121.80: Flags [.], ack 3805503782, win 429, options [nop,nop,TS val 896006849 ecr 1918025634], length 0
11:06:51.269992 IP 192.168.43.208.58350 > 185.87.26.121.80: Flags [.], ack 3805506662, win 339, options [nop,nop,TS val 896006849 ecr 1918025635], length 0
11:06:51.270297 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805508102:3805509542, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
11:06:51.270350 IP 192.168.43.208.58350 > 185.87.26.121.80: Flags [.], ack 3805509542, win 249, options [nop,nop,TS val 896006849 ecr 1918025635], length 0
11:06:51.270755 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805509542:3805510982, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
11:06:51.271229 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805510982:3805512422, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
11:06:51.271268 IP 192.168.43.208.58350 > 185.87.26.121.80: Flags [.], ack 3805512422, win 159, options [nop,nop,TS val 896006850 ecr 1918025635], length 0
11:06:51.271701 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805512422:3805513862, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
11:06:51.272174 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805513862:3805515302, ack 574178429, win 130, options [nop,nop,TS val 1918025635 ecr 896006632], length 1440: HTTP
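One way to condense a tcpdump text capture like the one above into per-flow totals (packets, payload bytes, bare SYNs) and to see which endpoint sits on a service port. This is an added example, not part of the original post; the function names and the below-1024 port heuristic are assumptions, and the sample lines are copied from the capture above.

```python
import re
from collections import defaultdict

# Matches tcpdump's default one-line TCP summary (IPv4 only).
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)"
)

# Three lines copied from the capture in the post.
SAMPLE = """\
11:06:51.264841 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805495142:3805496582, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.265301 IP 185.87.26.121.80 > 192.168.43.208.58350: Flags [.], seq 3805496582:3805498022, ack 574178429, win 130, options [nop,nop,TS val 1918025634 ecr 896006630], length 1440: HTTP
11:06:51.265358 IP 192.168.43.208.58350 > 185.87.26.121.80: Flags [.], ack 3805498022, win 609, options [nop,nop,TS val 896006845 ecr 1918025634], length 0
""".splitlines()

def summarize(lines):
    """Group packets by (src, sport, dst, dport); count packets, payload bytes, SYNs."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "syn": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not an IPv4 TCP summary line
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flow = flows[key]
        flow["packets"] += 1
        flow["bytes"] += int(m["len"])
        if m["flags"] == "S":  # bare SYN (no ACK) marks a new connection attempt
            flow["syn"] += 1
    return dict(flows)

def service_side(flow_key):
    """Heuristic (assumption): the endpoint on a port below 1024 is the service side."""
    src, sport, dst, dport = flow_key
    if sport < 1024 <= dport:
        return src
    if dport < 1024 <= sport:
        return dst
    return None  # both or neither port is below 1024: cannot tell from ports alone

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats, "service side:", service_side(key))
```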