I have created a "black hole" that I update with IPs received from Portscan notifications. I have done this in the last two or three years. Recently, I noticed most of IPs are coming from compute-1.amazonaws.com, i.e.,
Source IP address: 18.104.22.168 (ec2-54-92-255-12.compute-1.amazanaws.com
I have Alexa at home. I noticed that as soon as I blacklist those IPs I receive more Portscan notifications. Then Alexa complains it has trouble to connect to Internet.
I am wondering if this is related to Alexa services. Any thoughts?
AWS is not amazon alexa or anything. AWS is a web based service to rent services in the internet. Actually even Sophos rent services on AWS for Central. Most vendors do this but as a "scanner" or "attacker" you can easily rent a EC2 instance (a small server in aws), do your scan and release this instance within seconds. This is part of the magic of AWS. Do not mix this with Alexa or any server of amazon itself.
Thank you Toni,
Yes, and I noticed these portscans tripled in the last week.