Just automate your reports to the abuse@ contacts for all of the IPs.
AWS: abuse at amazonaws dot com
GCP: google-cloud-compliance at google dot com
Azure: abuse at microsoft dot com
I know first hand, from the receiving end, that even fail2ban automated
abuse reports end up causing an In-Console Abuse report, and if you do
not respond to them that server at the IP address will get shut down and
their account may get suspended if they are not handled in a timely
manner, etc etc.
Mind you, (if the person behind the IP was carrying out the attacks) they
can always ask for an extension to "investigate" to prolong the attack,
but I wouldn't give them much thought, after submitting the report and
dropping all future connections on your edge.
Tim
On 9/1/19 5:31 AM, Michael Peddemors via mailop wrote:
https://portal.msrc.microsoft.com/en-us/engage/cars
By the time you finished filling all the fields out, and hit submit it
tells you the recaptcha has expired and to 'reload the page', and of
course with it all the information you just spent 10 minutes filling in..
*sigh*
Meh! just blacklist instead. ;)
Active hacking activity from Google Cloud.. 35.232.230.7
Active hacking activity from Azure.. 168.61.215.179
Active hacking activity from Amazon.. 18.220.16.60
Just a long weekend grumble.. not that it really hurts us, but I know
that these kinds of threats are very serious and need more reactive
response methods..
With their budgets and size, don't we expect a little more resources
devoted to fast take downs and detections?
Especially when it is so easy to detect..
Just ranting here.. But I think maybe we need to see more people
ranting about this kind of thing.. Don't get me wrong, I know the
internet is a scary place, and there are literally millions of
compromised IoT devices doing the same thing, but people..
A compromised email is a very DANGEROUS thing..
(course, why we are promoting adding CLIENTID to every authentication,
couldn't resist the plug, email+pass is no longer good enough to
identify the legitimate user)
But what the real peeve off is, for all the hard working people in
infosec, when they can't get them shut down in a timely manner.
Or do we have to wait for the politicians to get hacked, and have them
start handing out big fines to get this addressed.
Take it as just a long weekend rant by one person.. But we as a
community have to do more.
-- Michael --
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop