[sg-hub] Unusual activity

Soragan Ong soragan.ong at alagasnetwork.com
Fri Jul 22 08:19:57 SGT 2016


I have a firewall that will blacklist any IP address that tries to make SSH connections more than 5/sec, and the entry will be kept for 7 days. Just wondering if I was being targeted, or Singapore networks, or maybe a new virus/worm is spreading. I have randomly checked some IPs and they range from Europe to South America. Usually I would only see such a blacklist at <1k.

Thanks
Soragan

> On 22 Jul 2016, at 1:49 AM, Tom Paseka <tom at cloudflare.com> wrote:
> 
> What is the full log? What is actually being blocked?
> 
> There is a lot of backscatter on the internet; more information would help to advise on what you're seeing. The log there also shows several different ISPs.
> 
> -Tom
> 
> On Wed, Jul 20, 2016 at 7:05 PM, Soragan Ong <soragan.ong at alagasnetwork.com> wrote:
> Dear Ops,
> 
> I am getting very strange activity: over 340k IPs blacklisted in the past 7 days, an unusually high number of IPs. Is it just my network, or is something happening on the Internet? Anyone else experiencing similar attacks? I notice most of the IP addresses belong to the same /16 group.
> 
> Best Regards
> Soragan
> <unusual activity.png>
> 
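One way to quantify the observation in this thread that most blacklisted addresses share a /16, added here as an example and not part of the original posts. It assumes the firewall can export its blacklist as one IPv4 address per line; the function names and the sample addresses (private ranges) are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of a blacklist export: duplicates and junk lines included.
SAMPLE = ["10.20.1.5", "10.20.1.5", "10.20.44.9", "10.20.200.17",
          "10.99.3.3", "172.16.8.1", "garbage", ""]

def group_by_prefix(addresses, prefixlen=16):
    """Count unique IPv4 sources per enclosing prefix.

    Returns (Counter keyed by network, number of malformed entries skipped).
    """
    seen, counts, skipped = set(), Counter(), 0
    for raw in addresses:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ipaddress.AddressValueError:
            skipped += 1          # not a valid IPv4 address
            continue
        if ip in seen:            # the same source listed twice counts once
            continue
        seen.add(ip)
        # strict=False masks the host bits, giving the enclosing network
        counts[ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)] += 1
    return counts, skipped

def concentration(counts, top_n=3):
    """Return (prefix, unique sources, share of all sources) for the top prefixes."""
    total = sum(counts.values())
    if total == 0:
        return []
    return [(str(net), n, round(n / total, 3))
            for net, n in counts.most_common(top_n)]

if __name__ == "__main__":
    counts, skipped = group_by_prefix(SAMPLE)
    print(f"{sum(counts.values())} unique sources, {skipped} malformed lines")
    for prefix, n, share in concentration(counts):
        print(f"{prefix:18} {n:6} {share:.1%}")
```

A few prefixes holding most of the entries and entries spread thinly across many unrelated networks are different pictures, and the per-prefix counts are the kind of detail that can be posted to the list alongside the raw log.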
