One day after my post about Venafi setting off a host-based intrusion detection alert on my email server, and me wondering if Venafi is a front for the NSA since they are stationed in Utah where the NSA's gigantic datacenter is, I get another interesting alert. This time from an IP address in Ashburn, Virginia!
What is only 30 minutes away from Ashburn, Virginia? Oh, just CIA Headquarters in Langley, Virginia!
The alert I got was a little more aggressive than that from Venafi. This one was fired off as a "Possible attack on the ssh server (or version gathering)."
I get it. Just because Venafi is out of Utah, and the NSA is out of Utah, doesn't make them both NSA. Also, just because this IP is out of Virginia, and the CIA are in Virginia, doesn't mean that it's the CIA trying to hack my email. Still though, the timing of it is suspicious, don't you think? One day after possibly outing an NSA front?
Just to be cautious, I added firewall rules to block the following IP ranges from the ISP out of Virginia:
188.8.131.52/16
Hopefully that will keep the Virginia farm boys from snooping in my email.