On Mon, Dec 04, 2017 at 11:19:56AM +0000, Edwin Pers wrote: > As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh > bots/etc that hit the firewalls at my sites are coming from AWS.
Similar observations here. I have found it useful to attempt to enumerate their network allocations and block them from access to any service that requires authentication, e.g., ssh, pops, imaps, etc. Not a panacea by any means, but it does cut down on the noise. ---rsk
