I currently have 7 applications running on port 2101, 2102 and so forth that are being attacked. Any idea on how I can resolve the matters other than banning the IP?
Those applications are supposed to accept connections from clients, but in this case it seems like the attacker is just using an application to connect to the port and act as if its the actual client.
Thanks for any suggestions.
First you actually firewall off the attacker’s IP address. If you didn’t do that already, there’s no point in discussing anything else.
Second, you can look up the owner of the IP address and contact the attacker’s ISP via their
abuse email address. Be prepared to provide firewall logs and other logs of their malicious activity.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.