[sg-hub] Unusual activity
Tom Paseka
tom at cloudflare.com
Fri Jul 22 08:21:00 SGT 2016
There are hundreds of thousands of bots out there discovering if SSH is
open. Nothing to be alarmed about.
-Tom
On Thu, Jul 21, 2016 at 5:19 PM, Soragan Ong <soragan.ong at alagasnetwork.com>
wrote:
> I have a firewall that will blacklist IP addresses that try to make SSH
> connections more than 5/sec, and they will be kept for 7 days. Just wondering
> if I was being targeted, or Singapore networks, or maybe a new virus/worm is
> spreading. I have randomly checked some IPs and they range from Europe to South
> America. Usually I would only see such a blacklist at <1k.
>
> Thanks
> Soragan
>
> On 22 Jul 2016, at 1:49 AM, Tom Paseka <tom at cloudflare.com> wrote:
>
> What is the full log? What is actually being blocked?
>
> There is a lot of backscatter on the internet; more information would
> help to advise what you're seeing. The log there also shows several
> different ISPs.
>
> -Tom
>
> On Wed, Jul 20, 2016 at 7:05 PM, Soragan Ong <
> soragan.ong at alagasnetwork.com> wrote:
>
>> Dear Ops,
>>
>> I am getting very strange activity: over 340k IPs blacklisted for the past 7
>> days, an unusually high number of IPs. Is it just my network, or is something
>> happening on the Internet? Anyone else experiencing similar attacks? I
>> notice most of the IP addresses belong to the same /16 group.
>>
>> Best Regards
>> Soragan
>> <unusual activity.png>
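Added example, not part of the original thread and not the poster's firewall configuration: a Python model of the rule described above (blacklist a source making more than 5 SSH connection attempts per second, keep it for 7 days), with a per-/16 summary of the resulting blacklist to check whether entries cluster in one range. The function names and the sample events are assumptions constructed for illustration; the addresses come from documentation ranges.

```python
import ipaddress
from collections import Counter, defaultdict, deque

RATE_LIMIT = 5             # attempts tolerated per window ("more than 5/sec")
WINDOW = 1.0               # window length in seconds
BAN_SECONDS = 7 * 86400    # blacklist entries are kept for 7 days

def build_blacklist(events):
    """events: (timestamp_seconds, source_ip) tuples sorted by time.
    Returns {ip: ban_expiry} for sources exceeding RATE_LIMIT per WINDOW."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    banned = {}
    for ts, ip in events:
        if banned.get(ip, 0) > ts:
            continue              # already blacklisted: attempt is dropped
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= WINDOW:    # expire attempts older than the window
            q.popleft()
        if len(q) > RATE_LIMIT:
            banned[ip] = ts + BAN_SECONDS
            del recent[ip]
    return banned

def active_at(banned, now):
    """Blacklisted sources whose 7-day entry has not expired at time `now`."""
    return sorted(ip for ip, expiry in banned.items() if expiry > now)

def summarize_by_16(ips):
    """Count blacklisted sources per /16, largest group first."""
    nets = (ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips)
    return Counter(str(n) for n in nets).most_common()

def sample_events():
    """Constructed input: four fast scanners and one slow, legitimate client."""
    events = []
    for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
        events += [(i / 10, ip) for i in range(6)]               # 6 attempts in 0.5 s
    events += [(10 + i / 10, "203.0.113.9") for i in range(6)]   # same burst, later
    events += [(float(i), "192.0.2.10") for i in range(6)]       # 1 attempt per second
    return sorted(events)

if __name__ == "__main__":
    bl = build_blacklist(sample_events())
    for net, count in summarize_by_16(active_at(bl, now=3 * 86400)):
        print(f"{net:18} {count}")
```

Run against a real blacklist export, the per-/16 counts separate one noisy range from sources spread across many networks.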