Ok, so according to the firewall logs, there's a LOT of traffic being rejected.
Looking up IPs, it's coming from all over the world, mainly Asia: a lot of traffic rejected from China, India, Taiwan, Hong Kong, etc. (I have almost no legit users there.)
But that says very little... Could be my neighbor with a proxy.
So, is it:
- robots attempting to connect to everything... To be ignored?
- people actively scanning for holes? ... What to do?
They are attempting connections to all the servers (won't go into details), including a dead, unused box, the firewall, etc.
Nobody's getting in, but it's making me nervous.
Target has value, a breach would be the end of my IT career; a serious dent in the business of my current company.
A honeypot? Good or bad idea?
- Would it make the target look more valuable? (bad)
- Make the robots stop and log: hey try this thing. (bad)
- Or just provide me with more information. (good)
- Or???