How are servers found on the internet that have no name registration?
I don't know if people have this problem. Recently I saw a video of a person talking about it on YouTube, and I found that I could relate to it. It seems that when you set up a server on the internet, you very rapidly start getting ssh dictionary attacks, even though you have a dynamic IP assignment and no name registration. I've tried in the past to do a network lookup for my subnet internet provider to see if I can see other computers, but it seems that the network provider blocks those messages.
So I'm curious: how are hostile users of the internet finding servers so fast?
If anyone can shed some light on this problem, it will be appreciated.
Computing power has caught up with all that: It's quite affordable nowadays to fire up a pool of servers, AWS for example, and check each and every port on every last IPv4 address in a matter of hours. The same can be said for the known IPv6 space (the ranges in actual use).
Here are two interesting links on that topic, one old, one new:
People use scanner tools that don't care about the name. They just scan entire netblocks for a port, say 22, then record that. This data is then passed on to another tool. nmap can do this. The ip6 address space is much quieter (at the moment).
COMCAST (Xfinity) does network scanning on their subnets, and some threat actors do as well. My average time between getting a new device on the network and seeing dictionary attack activity averages right about ten minutes. (Some days as little as a minute or two, some days nearly half an hour.)
Never assume that name services can make you safe; they only make identifying nodes by name more convenient for PEOPLE. The hardware doesn't care, the criminals do not care.
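To measure on your own host the delay the last reply describes, the following added example (not posted by anyone in the thread) reads sshd log lines, reports how long after coming online the first failed login arrived, and lists the sources that cycled through several usernames. The log sample is constructed, and the names `summarize`, `online_since` and `min_users` are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the OpenSSH "Failed password" format with ISO 8601
# timestamps; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-03-03T10:00:05+00:00 host sshd[811]: Server listening on 0.0.0.0 port 22.
2024-03-03T10:09:41+00:00 host sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2024-03-03T10:09:43+00:00 host sshd[902]: Failed password for root from 203.0.113.5 port 51236 ssh2
2024-03-03T10:09:46+00:00 host sshd[903]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
2024-03-03T10:15:02+00:00 host sshd[950]: Failed password for alice from 198.51.100.7 port 40022 ssh2
2024-03-03T10:15:30+00:00 host sshd[951]: Accepted password for alice from 198.51.100.7 port 40030 ssh2
"""

# Matches both "for root" and "for invalid user admin" variants.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, online_since, min_users=3):
    """Return (seconds until first failed login, {ip: sorted usernames}) for
    sources that tried at least min_users distinct usernames."""
    start = datetime.fromisoformat(online_since)
    first = None
    users_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not a failed-password line
        ts = datetime.fromisoformat(m["ts"])
        if first is None or ts < first:
            first = ts
        users_by_ip[m["ip"]].add(m["user"])
    delay = None if first is None else (first - start).total_seconds()
    suspects = {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= min_users}
    return delay, suspects

if __name__ == "__main__":
    delay, suspects = summarize(SAMPLE_LOG, "2024-03-03T10:00:05+00:00")
    print(f"first failed login after {delay:.0f} s")
    for ip, users in suspects.items():
        print(f"{ip}: tried {len(users)} usernames: {', '.join(users)}")
```

A single mistyped password from a known user stays below the `min_users` threshold, so only sources walking a username list are reported.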