Mailing List ecs-isp@2rosenthals.com Archived Message #51

From: "Lewis G Rosenthal" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Subject: Re: [eCS-ISP] pings from AWS IPs/servers
Date: Wed, 5 Feb 2020 14:08:23 -0500
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi, Max...

On 02/05/20 06:17 am, Massimo S. wrote:
Hi all,

anyone has the same experience?

my webserver is being pinged by at least 113 differents IPs/servers
all with fqdn like "ecs-......compute.amazonaws.com"

i'm writing deny rules, since i've enough that someone ping my webserver
i'm at 113 rules at the moment 8-)

any comment?
any idea?
why they ping my server?
maybe it's a botnet?


No idea.
Here, looking at today's stats, we're being hit by two IPs from Panama (about 300 packets in total - LOL).

Last month, our biggest offenders came from Ireland and Panama. These appear to have been SQL injection attempts. The Panamanian host appears to be coming from directwebhost.org.

The largest number of intrusion attempts would have come from Iran last month (not surprisingly), but we block all incoming connections from Iran, so these were dropped at the firewall.

In my experience, incoming connections from AWS have been due to badly behaving VMs in Amazon's cloud, typically infected (Windows VMs...how typical).

If you are concerned about malicious activity, you should probably contact Amazon:

https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/

Asking us here is not likely to get you any useful results, because as you can see, we typically have different experiences at different times.

GL

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------


Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster