[sg-hub] Unusual activity

Mark Anthony De Castro mark.decastro at gmail.com
Fri Jul 22 08:29:26 SGT 2016 

A good practice is to allow ssh to specific IP or IP block only..

Sent from my iPhone

> On Jul 22, 2016, at 8:27 AM, Soragan Ong <soragan.ong at alagasnetwork.com> wrote:
> 
> ic, the ssh typhoon just happen to move passing my network range then :) glad to know it’s not new massive attack on Internet, thanks
> 
> best regards
> soragan
> 
>> On 22 Jul 2016, at 8:21 AM, Tom Paseka <tom at cloudflare.com> wrote:
>> 
>> There are hundreds of thousands of bots out there discovering if SSH is open. Nothing to be alarmed about.
>> 
>> -Tom
>> 
>>> On Thu, Jul 21, 2016 at 5:19 PM, Soragan Ong <soragan.ong at alagasnetwork.com> wrote:
>>> i have a firewall that will blacklist IP address that trying to do SSH connection more than 5/sec and it will be keep for 7 days, just wondering if i were being targeted or singapore networks or maybe a new virus/worm spreading. i have randomly check some IP and it ranges from europe to south america. usually i would only see such blacklist in <1k
>>> 
>>> Thanks
>>> Soragan
>>> 
>>>> On 22 Jul 2016, at 1:49 AM, Tom Paseka <tom at cloudflare.com> wrote:
>>>> 
>>>> What is the full log? What is actually being blocked.
>>>> 
>>>> There is a lot of back scatter on the internet, more information would help to advise what you're seeing. The log there also shows several different ISPs.
>>>> 
>>>> -Tom
>>>> 
>>>>> On Wed, Jul 20, 2016 at 7:05 PM, Soragan Ong <soragan.ong at alagasnetwork.com> wrote:
>>>>> Dear Ops,
>>>>> 
>>>>> i am getting very strange activity, over 340k IP blacklisted for past 7 days, a very unusual high number of IP, is it just my network or something is happening in the Internet? Anyone else experiencing similar attacks? I notice most of the IP addresses belong to same /16 group.
>>>>> 
>>>>> Best Regards
>>>>> Soragan
>>>>> <unusual activity.png>
>>>>> 
>>>>> _______________________________________________
>>>>> Sghub mailing list
>>>>> Sghub at list.sgnog.net
>>>>> http://list.sgnog.net/listinfo/sghub
>>>>> 
>>>> 
>>> 
>> 
> 
> _______________________________________________
> Sghub mailing list
> Sghub at list.sgnog.net
> http://list.sgnog.net/listinfo/sghub
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.sgnog.net/pipermail/sghub/attachments/20160722/494784f3/attachment-0001.html>

More information about the Sghub mailing list