On 11/21/2017 7:32 AM, Anthony Cartmell wrote:
would give admins enough of a clue to see if they were a culprit without giving the actual IPs away?
It's a good idea. I think removing the first octet would be enough obfuscation.
So these IPs in 21 days are the top 15 abusers. With rule updates disabled, this traffic level indicates a problem.
24441 XX.61.138.136 20948 XX.137.36.178 20270 XX.56.17.151 18452 XX.76.211.56 18141 XX.32.88.139 14028 XX.69.200.153 12539 XX.229.96.116 12506 XX.221.192.173 11568 XX.77.52.43 10526 XX.163.197.66 10079 XX.61.28.10 8818 XX.204.24.253 8606 XX.128.6.242 8289 XX.210.201.60 6640 XX.57.105.90 5647 XX.233.160.53 5491 XX.19.251.191 5266 XX.231.133.170 4315 XX.163.15.214 2980 XX.63.124.11 Regards, KAM
