On Mon, Dec 04, 2017 at 11:19:56AM +0000, Edwin Pers wrote:
> As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh
> bots/etc that hit the firewalls at my sites are coming from AWS.

Similar observations here.  I have found it useful to attempt to enumerate
their network allocations and block them from access to any service that
requires authentication, e.g., ssh, pops, imaps, etc.  Not a panacea
by any means, but it does cut down on the noise.

---rsk

Reply via email to