J’ai pu observer des requetes de ce type :

45.146.166.156 - - [14/Oct/2021:11:42:23 +0200] "\x03" 400 0 "-" "-"
89.248.165.23 - - [13/Oct/2021:05:43:09 +0200] "\x03" 400 0 "-" "-"
45.141.87.54 - - [13/Oct/2021:18:52:16 +0200] "\x03" 400 0 "-" "-"

Dans le route je bloque donc les IP :

# iptables -A INPUT -s 45.146.166.156  -j DROP
# iptables -A INPUT -s 89.248.165.23  -j DROP
# iptables -A INPUT -s 45.141.87.54  -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4

A suivre.

A noter, que quand c’est Russian Federation c’est pas pour mon bien … Misère :

IP Address	Country	Region	City
45.141.87.54	Russian Federation	Sankt-Peterburg	Saint Petersburg

IP Address	Country	Region	City
45.146.166.156	Russian Federation	Moskva	Moscow

Update, je pense qu’il y a plusieurs requetes :

# grep '\x03' /var/log/apache2/access.* | sed 's/:/ /g' | awk '{print $2 " " $10}' | sort -n | uniq -c
      1 45.141.87.54 "\x03"
      1 45.146.166.156 "\x03"
      1 89.248.165.23 "\x03"
      4 121.46.25.189 "\x16\x03\x01"
      1 183.136.225.42 "\x16\x03\x01\x02"
      3 185.193.88.50 "\x03"
      2 200.37.200.185 "\x16\x03\x01"

Pour les IP :

IP Address	Country	Region	City
200.37.200.185	Peru	Cusco	Cusco
ISP	Organization	Latitude	Longitude
Zotac Tacna	Not Available	-13.5183	-71.9781

IP Address	Country	Region	City
183.136.225.42	China	Zhejiang	Jiaxing
ISP	Organization	Latitude	Longitude
ChinaNet Zhejiang Province Network	Not Available	30.7522	120.7500

IP Address	Country	Region	City
121.46.25.189	China	Guangdong	Guangzhou
ISP	Organization	Latitude	Longitude
Guangdong Aofei Data Technology Co. Ltd.	Not Available	23.1167	113.2500