[sg-hub] Unusual activity

Soragan Ong soragan.ong at alagasnetwork.com
Fri Jul 22 08:27:29 SGT 2016 

ic, the ssh typhoon just happen to move passing my network range then :) glad to know it’s not new massive attack on Internet, thanks

best regards
soragan

> On 22 Jul 2016, at 8:21 AM, Tom Paseka <tom at cloudflare.com> wrote:
> 
> There are hundreds of thousands of bots out there discovering if SSH is open. Nothing to be alarmed about.
> 
> -Tom
> 
> On Thu, Jul 21, 2016 at 5:19 PM, Soragan Ong <soragan.ong at alagasnetwork.com <mailto:soragan.ong at alagasnetwork.com>> wrote:
> i have a firewall that will blacklist IP address that trying to do SSH connection more than 5/sec and it will be keep for 7 days, just wondering if i were being targeted or singapore networks or maybe a new virus/worm spreading. i have randomly check some IP and it ranges from europe to south america. usually i would only see such blacklist in <1k
> 
> Thanks
> Soragan
> 
>> On 22 Jul 2016, at 1:49 AM, Tom Paseka <tom at cloudflare.com <mailto:tom at cloudflare.com>> wrote:
>> 
>> What is the full log? What is actually being blocked.
>> 
>> There is a lot of back scatter on the internet, more information would help to advise what you're seeing. The log there also shows several different ISPs.
>> 
>> -Tom
>> 
>> On Wed, Jul 20, 2016 at 7:05 PM, Soragan Ong <soragan.ong at alagasnetwork.com <mailto:soragan.ong at alagasnetwork.com>> wrote:
>> Dear Ops,
>> 
>> i am getting very strange activity, over 340k IP blacklisted for past 7 days, a very unusual high number of IP, is it just my network or something is happening in the Internet? Anyone else experiencing similar attacks? I notice most of the IP addresses belong to same /16 group.
>> 
>> Best Regards
>> Soragan
>> <unusual activity.png>
>> 
>> _______________________________________________
>> Sghub mailing list
>> Sghub at list.sgnog.net <mailto:Sghub at list.sgnog.net>
>> http://list.sgnog.net/listinfo/sghub <http://list.sgnog.net/listinfo/sghub>
>> 
>> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.sgnog.net/pipermail/sghub/attachments/20160722/8ed0d842/attachment.html>

More information about the Sghub mailing list