
Portscans from ec2-54-....-12.compute-1.amazonaws.com

Hello,

I have created a "black hole" that I update with IPs received from Portscan notifications. I have been doing this for the last two or three years. Recently, I noticed most of the IPs are coming from compute-1.amazonaws.com, i.e.,

Source IP address: 54.92.255.12 (ec2-54-92-255-12.compute-1.amazonaws.com)

I have Alexa at home. I noticed that as soon as I blacklist those IPs, I receive more Portscan notifications. Then Alexa complains it has trouble connecting to the Internet.

I am wondering if this is related to Alexa services. Any thoughts?

Thank you,

Martin



  • My personal experience with port scans from AWS is that they come from reputable companies that are "mapping" the Internet.  Every time they scan, it comes from a different AWS IP, so trying whack-a-mole with a blackhole rule won't succeed.  You might forward the portscan alert to abuse@amazonaws.com. You will want to include your time zone, the line from the Intrusion Prevention log related to the alert and a request to ask their customer to cease port scanning your IP.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you Bob,

    Thank you for your clarification! It was very helpful to clear my confusion on AWS services as related to portscans.

    Thank you,

    Martin
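
As an added illustration of the whack-a-mole point in the reply above (not code from the thread or from Sophos), this Python example replays portscan alerts through a per-IP blackhole and counts how often the list would have matched a later scan. The function names and the sample alerts are assumptions made for the example; only the first address comes from the post.

```python
import ipaddress
import re

# EC2 public reverse-DNS names embed the IPv4 address. "compute-1" is the
# us-east-1 form; other regions use "<region>.compute".
EC2_PTR = re.compile(
    r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\."
    r"(compute-1|[a-z0-9-]+\.compute)\.amazonaws\.com\.?$"
)

def ec2_ip_from_ptr(ptr):
    """Return the IPv4 address encoded in an EC2 PTR name, or None."""
    m = EC2_PTR.match(ptr.strip().lower())
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(m.groups()[:4]))
    except ipaddress.AddressValueError:
        return None  # an octet above 255, so not a real address

def blackhole_stats(alerts):
    """alerts: time-ordered (source_ip, ptr) pairs (hypothetical input shape).
    Adds every scanning IP to a simulated blackhole and counts how many
    later alerts the list would actually have matched."""
    blocked, hits, ec2 = set(), 0, 0
    for src, ptr in alerts:
        ip = ipaddress.IPv4Address(src)
        # Count as EC2 only when the PTR name decodes to the same address;
        # a PTR record alone is set by whoever controls the address block.
        if ec2_ip_from_ptr(ptr) == ip:
            ec2 += 1
        if ip in blocked:
            hits += 1
        blocked.add(ip)
    return {"alerts": len(alerts), "ec2": ec2,
            "blocklist_hits": hits, "blocklist_size": len(blocked)}

# Constructed sample alerts, apart from the first address quoted in the post.
SAMPLE = [
    ("54.92.255.12", "ec2-54-92-255-12.compute-1.amazonaws.com"),
    ("54.92.10.7", "ec2-54-92-10-7.compute-1.amazonaws.com"),
    ("54.92.33.201", "ec2-54-92-33-201.compute-1.amazonaws.com"),
    ("203.0.113.9", "host9.example.net"),
    ("198.51.100.4", "ec2-54-1-2-3.compute-1.amazonaws.com"),  # PTR mismatch
    ("54.92.10.7", "ec2-54-92-10-7.compute-1.amazonaws.com"),  # repeat source
]

if __name__ == "__main__":
    print(blackhole_stats(SAMPLE))
```

A low `blocklist_hits` against a growing `blocklist_size` on your own alert history is the measurable form of the whack-a-mole effect: the list keeps growing while rarely matching a later scan.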
