[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Intrustion attempts from Amazon EC2 IPs

Subject: Intrustion attempts from Amazon EC2 IPs
From: jlewis at lewis.org (Jon Lewis)
Date: Sun, 22 Jun 2008 11:09:00 -0400 (EDT)
In-reply-to: <D175CB0A04FE634587DA0987F3C423101ECFC1E1D7@iddawg.blacknight.local>
References: <D175CB0A04FE634587DA0987F3C423101ECFC1E1D7@iddawg.blacknight.local>

On Sun, 22 Jun 2008, Paul Kelly :: Blacknight wrote:

> Have any of you recently noticed a lot of ssh scanning coming from 
> amazons EC "cloud" IP blocks?
>
> Today alone I've seen approx 4m attempts from EC2 IPs on just 20 nodes 
> on our network.

That's not too surprising, since any unix-like system that gets 
compromised can make a handy platform for extending the hacker's 
collection.

> Has anyone any experience with Amazons abuse people?

Yeah, if you can call them that.  There is no abuse coming from Amazon's 
EC2 cluster.  I got the impression the only thing Amazon considers abuse 
is use of their servers and not paying the bill.  If you're a paying 
customer, you can do whatever you like.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Follow-Ups:
- EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)
  - From: vixie at isc.org (Paul Vixie)

References:
- Intrustion attempts from Amazon EC2 IPs
  - From: paul at blacknight.com (Paul Kelly :: Blacknight)

Prev by Date: Intrustion attempts from Amazon EC2 IPs
Next by Date: Intrustion attempts from Amazon EC2 IPs
Previous by thread: Intrustion attempts from Amazon EC2 IPs
Next by thread: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)
Index(es):
- Date
- Thread