DDOS attack, what to do

Security
1

Can someone pls tell what to do when a large DDOS attack (~40k requests from many IPs of one Country during one day) happens? I closed all ports on the firewall, reset the gateway and the attack stopped for now. Involved seems to be a Turkish hoster, Keyubu, but there are also other IP’s involved. Due to the fact that there a lots of different networks the attack came from I wonder how to get rid of those unfriendly people for now.

[Edit]

Anytime I close port 443 on iPFire, the port 443 requests from Turkey stop, as soon as I open port 443 again, they immediately flood the firewall log. However, most of them are blocked anyway.

I shut down my LAN infrastructure such as the server on the DMZ in Orange but above behavior keeps still to be the same. So I assume this comes from outside only?

BTW, I have blocked Turkey in Country Block as a whole anyway but the internet gets slow.

2

It is a difficult situation, not sure what to suggest without seeing your logs.

In general, you need to redirect the bad DDoS traffic maybe using a reverse proxy and load balancer.

Could you post some of the logs?

3
Time Chain Iface Proto Source Src Port Destination Dst Port
07:31:02 DROP_INPUT red0 TCP 188.132.193.114 19065 my.ext.ip.add 443
07:31:00 DROP_INPUT red0 TCP 185.34.129.244 13701 my.ext.ip.add 443
07:30:58 DNAT red0 TCP 185.248.13.93 61006 my.ext.ip.add 443
07:30:57 DNAT red0 TCP 45.94.7.178 60402 my.ext.ip.add 443
07:30:57 DNAT red0 TCP 185.213.170.6 14859 my.ext.ip.add 443
07:30:56 DNAT red0 TCP 188.132.207.122 27796 my.ext.ip.add 443
07:30:54 DNAT red0 TCP 45.94.7.120 53748 my.ext.ip.add 443
07:30:54 DNAT red0 TCP 203.202.233.93 55388 my.ext.ip.add 443
07:30:54 DNAT red0 TCP 188.132.206.6 55388 my.ext.ip.add 443
07:30:54 DNAT red0 TCP 185.248.12.234 61726 my.ext.ip.add 443
07:30:54 DNAT red0 TCP 185.248.13.138 44169 my.ext.ip.add 443
07:30:51 DNAT red0 TCP 94.103.124.216 22526 my.ext.ip.add 443
07:30:49 DNAT red0 TCP 213.238.174.131 49135 my.ext.ip.add 443
07:30:48 DNAT red0 TCP 185.248.13.169 17118 my.ext.ip.add 443
07:30:48 DNAT red0 TCP 95.141.248.106 45721 my.ext.ip.add 443
07:30:46 DNAT red0 TCP 188.132.206.58 27606 my.ext.ip.add 443
07:30:45 DNAT red0 TCP 94.103.124.20 44433 my.ext.ip.add 443
07:30:44 DNAT red0 TCP 94.103.124.152 31118 my.ext.ip.add 443
07:30:44 DNAT red0 TCP 194.4.153.228 4837 my.ext.ip.add 443
07:30:44 DNAT red0 TCP 188.132.207.84 4094 my.ext.ip.add 443
07:30:44 DNAT red0 TCP 203.202.233.152 12550 my.ext.ip.add 443
07:30:43 DNAT red0 TCP 188.132.206.82 64647 my.ext.ip.add 443
07:30:43 DNAT red0 TCP 203.202.233.136 24564 my.ext.ip.add 443
07:30:43 DNAT red0 TCP 195.170.186.105 18975 my.ext.ip.add 443
07:30:41 DNAT red0 TCP 87.121.22.224 36876 my.ext.ip.add 443
07:30:40 DNAT red0 TCP 45.156.30.179 26119 my.ext.ip.add 443
07:30:40 DNAT red0 TCP 95.141.248.97 18293 my.ext.ip.add 443
07:30:40 DNAT red0 TCP 213.134.12.186 15875 my.ext.ip.add 443
07:30:37 DNAT red0 TCP 213.238.174.68 52028 my.ext.ip.add 443
07:30:36 DNAT red0 TCP 213.238.174.222 29978 my.ext.ip.add 443
07:30:30 DNAT red0 TCP 94.103.124.46 60834 my.ext.ip.add 443
07:30:29 DNAT red0 TCP 87.121.22.123 64374 my.ext.ip.add 443
07:30:26 DNAT red0 TCP 95.141.248.100 6607 my.ext.ip.add 443
07:30:25 DNAT red0 TCP 45.156.30.57 39764 my.ext.ip.add 443
07:30:23 DNAT red0 TCP 188.132.193.20 36229 my.ext.ip.add 443
07:30:22 DNAT red0 TCP 188.132.193.81 23296 my.ext.ip.add 443
07:30:21 DNAT red0 TCP 188.125.163.153 52986 my.ext.ip.add 443
07:30:21 DNAT red0 TCP 188.125.163.21 43364 my.ext.ip.add 443
07:30:18 DNAT red0 TCP 185.213.170.101 3134 my.ext.ip.add 443
07:30:16 DNAT red0 TCP 188.132.207.231 17409 my.ext.ip.add 443
07:30:14 DNAT red0 TCP 45.94.7.66 52250 my.ext.ip.add 443
07:30:13 DNAT red0 TCP 95.141.248.193 30 my.ext.ip.add 443
07:30:10 DNAT red0 TCP 185.34.130.69 7027 my.ext.ip.add 443
07:30:10 DNAT red0 TCP 213.134.12.73 24233 my.ext.ip.add 443
07:30:10 DNAT red0 TCP 45.94.5.229 35285 my.ext.ip.add 443
07:30:09 DNAT red0 TCP 188.125.163.237 63007 my.ext.ip.add 443
07:30:09 DNAT red0 TCP 45.156.31.165 762 my.ext.ip.add 443
07:30:09 DNAT red0 TCP 194.4.153.204 48865 my.ext.ip.add 443
07:30:08 DNAT red0 TCP 185.248.13.14 15691 my.ext.ip.add 443
07:30:06 DNAT red0 TCP 185.248.15.250 65081 my.ext.ip.add 443
07:30:06 DNAT red0 TCP 185.34.129.165 18078 my.ext.ip.add 443
07:30:06 DNAT red0 TCP 213.134.12.31 14721 my.ext.ip.add 443
07:30:04 DNAT red0 TCP 185.248.14.230 17360 my.ext.ip.add 443
07:30:03 DNAT red0 TCP 94.103.124.233 5275 my.ext.ip.add 443
07:30:00 DNAT red0 TCP 203.202.233.106 31295 my.ext.ip.add 443
07:30:00 DNAT red0 TCP 185.248.12.18 13453 my.ext.ip.add 443
07:30:00 DNAT red0 TCP 94.103.124.107 43198 my.ext.ip.add 443
07:29:59 DNAT red0 TCP 188.125.163.178 1623 my.ext.ip.add 443
07:29:59 DNAT red0 TCP 45.94.7.32 13908 my.ext.ip.add 443
07:29:56 DNAT red0 TCP 213.134.12.208 27036 my.ext.ip.add 443
07:29:56 DNAT red0 TCP 213.134.12.208 27036 my.ext.ip.add 443
07:29:56 DNAT red0 TCP 188.125.163.190 53696 my.ext.ip.add 443
07:29:55 DNAT red0 TCP 45.94.7.247 7194 my.ext.ip.add 443
07:29:55 DNAT red0 TCP 213.134.12.91 30929 my.ext.ip.add 443
07:29:54 DNAT red0 TCP 87.121.22.55 53413 my.ext.ip.add 443
07:29:53 DNAT red0 TCP 213.238.174.10 37031 my.ext.ip.add 443
07:29:53 DNAT red0 TCP 45.156.31.25 53574 my.ext.ip.add 443
07:29:52 DNAT red0 TCP 188.125.163.67 57775 my.ext.ip.add 443
07:29:51 DNAT red0 TCP 185.248.13.55 51156 my.ext.ip.add 443
07:29:51 DNAT red0 TCP 45.94.5.14 41307 my.ext.ip.add 443
07:29:50 DNAT red0 TCP 185.34.129.206 34050 my.ext.ip.add 443
07:29:50 DNAT red0 TCP 87.121.22.180 59941 my.ext.ip.add 443
07:29:49 DNAT red0 TCP 87.121.22.163 8210 my.ext.ip.add 443
07:29:48 DNAT red0 TCP 45.156.30.121 344 my.ext.ip.add 443
07:29:47 DNAT red0 TCP 45.156.31.180 5819 my.ext.ip.add 443
07:29:46 DNAT red0 TCP 45.156.31.136 61739 my.ext.ip.add 443
07:29:45 DNAT red0 TCP 185.34.130.34 14884 my.ext.ip.add 443
07:29:45 DNAT red0 TCP 185.34.130.17 11839 my.ext.ip.add 443
07:29:43 DNAT red0 TCP 188.132.193.10 23926 my.ext.ip.add 443
07:29:43 DNAT red0 TCP 213.238.174.66 5741 my.ext.ip.add 443
07:29:42 DNAT red0 TCP 194.4.153.133 8976 my.ext.ip.add 443
07:29:41 DNAT red0 TCP 94.103.124.135 64736 my.ext.ip.add 443
07:29:40 DNAT red0 TCP 185.248.15.196 54124 my.ext.ip.add 443
07:29:40 DNAT red0 TCP 185.213.170.182 25057 my.ext.ip.add 443
07:29:39 DNAT red0 TCP 45.156.30.46 28281 my.ext.ip.add 443
07:29:39 DNAT red0 TCP 188.125.163.152 40803 my.ext.ip.add 443
07:29:39 DNAT red0 TCP 185.248.14.220 41040 my.ext.ip.add 443
07:29:37 DNAT red0 TCP 213.134.12.102 43443 my.ext.ip.add 443
07:29:36 DNAT red0 TCP 194.4.153.12 53224 my.ext.ip.add 443
07:29:35 DNAT red0 TCP 185.248.15.187 36117 my.ext.ip.add 443
07:29:33 DNAT red0 TCP 95.141.248.42 55830 my.ext.ip.add 443
07:29:31 DNAT red0 TCP 188.125.163.251 43823 my.ext.ip.add 443
07:29:31 DNAT red0 TCP 185.34.129.171 55076 my.ext.ip.add 443
07:29:28 DNAT red0 TCP 185.34.130.6 53372 my.ext.ip.add 443
07:29:27 FORWARDFW red0 TCP 45.94.5.26 25987 10.140.12.195 443
07:29:27 DNAT red0 TCP 45.94.5.26 25987 my.ext.ip.add 443
07:29:26 DNAT red0 TCP 185.34.129.75 56874 my.ext.ip.add 443
07:29:26 FORWARDFW red0 TCP 188.132.193.14 3982 10.140.12.195 443
07:29:26 DNAT red0 TCP 188.132.193.14 3982 my.ext.ip.add 443
07:29:26 FORWARDFW red0 TCP 87.121.22.95 2622 10.140.12.195 443
07:29:26 DNAT red0 TCP 87.121.22.95 2622 my.ext.ip.add 443
07:29:25 FORWARDFW red0 TCP 188.125.163.183 65459 10.140.12.195 443
07:29:25 DNAT red0 TCP 188.125.163.183 65459 my.ext.ip.add 443
07:29:25 FORWARDFW red0 TCP 45.156.30.27 61227 10.140.12.195 443
07:29:25 DNAT red0 TCP 45.156.30.27 61227 my.ext.ip.add 443
07:29:24 FORWARDFW red0 TCP 45.156.31.193 26367 10.140.12.195 443
07:29:24 DNAT red0 TCP 45.156.31.193 26367 my.ext.ip.add 443
07:29:24 FORWARDFW red0 TCP 188.125.163.232 11097 10.140.12.195 443
07:29:24 DNAT red0 TCP 188.125.163.232 11097 my.ext.ip.add 443
07:29:24 FORWARDFW red0 TCP 185.248.14.237 26419 10.140.12.195 443
07:29:24 DNAT red0 TCP 185.248.14.237 26419 my.ext.ip.add 443
07:29:23 FORWARDFW red0 TCP 213.134.12.90 36926 10.140.12.195 443
07:29:23 DNAT red0 TCP 213.134.12.90 36926 my.ext.ip.add 443
07:29:23 FORWARDFW red0 TCP 45.156.31.149 2676 10.140.12.195 443
07:29:23 DNAT red0 TCP 45.156.31.149 2676 my.ext.ip.add 443
07:26:05 DROP_INPUT red0 TCP 185.213.170.33 40894 my.ext.ip.add 443
07:26:04 DROP_INPUT red0 TCP 94.103.124.165 10585 my.ext.ip.add 443
07:26:02 DROP_INPUT red0 TCP 203.202.233.228 37202 my.ext.ip.add 443
07:26:02 DROP_INPUT red0 TCP 95.141.248.64 16611 my.ext.ip.add 443
07:26:01 DROP_INPUT red0 TCP 188.132.207.211 49683 my.ext.ip.add 443
07:26:01 DROP_INPUT red0 TCP 185.248.14.212 48300 my.ext.ip.add 443
07:25:58 DNAT red0 TCP 185.34.129.94 45316 my.ext.ip.add 443
07:25:55 DNAT red0 TCP 185.248.14.220 1204 my.ext.ip.add 443
07:25:55 DNAT red0 TCP 45.94.7.27 3930 my.ext.ip.add 443
07:25:54 DNAT red0 TCP 203.202.233.117 7784 my.ext.ip.add 443
07:25:53 DNAT red0 TCP 185.248.14.54 19518 my.ext.ip.add 443
07:25:52 DNAT red0 TCP 195.170.186.250 35112 my.ext.ip.add 443
07:25:51 DNAT red0 TCP 188.132.193.222 19167 my.ext.ip.add 443
07:25:50 DNAT red0 TCP 188.125.163.117 3815 my.ext.ip.add 443
07:25:49 DNAT red0 TCP 185.248.15.31 7417 my.ext.ip.add 443
07:25:48 DNAT red0 TCP 185.34.130.229 36247 my.ext.ip.add 443
07:25:47 DNAT red0 TCP 203.202.233.44 4444 my.ext.ip.add 443
07:25:47 DNAT red0 TCP 188.132.207.115 54747 my.ext.ip.add 443
07:25:47 DNAT red0 TCP 195.170.186.135 30455 my.ext.ip.add 443
07:25:47 DNAT red0 TCP 188.132.206.94 22557 my.ext.ip.add 443
07:25:47 DNAT red0 TCP 188.132.206.94 37617 my.ext.ip.add 443
07:25:46 DNAT red0 TCP 213.238.174.113 31154 my.ext.ip.add 443
07:25:46 DNAT red0 TCP 188.132.206.192 44944 my.ext.ip.add 443
07:25:45 DNAT red0 TCP 185.248.14.102 29272 my.ext.ip.add 443
07:25:44 DNAT red0 TCP 185.248.14.5 11070 my.ext.ip.add 443
07:25:43 DNAT red0 TCP 95.141.248.111 18192 my.ext.ip.add 443
07:25:43 DNAT red0 TCP 185.34.129.74 29991 my.ext.ip.add 443
07:25:43 DNAT red0 TCP 188.132.193.114 1550 my.ext.ip.add 443
07:25:41 DNAT red0 TCP 185.34.129.230 11687 my.ext.ip.add 443
07:25:39 DNAT red0 TCP 195.170.186.90 62977 my.ext.ip.add 443
07:25:39 DNAT red0 TCP 188.125.163.98 57797 my.ext.ip.add 443
07:25:39 DNAT red0 TCP 188.132.206.203 816 my.ext.ip.add 443
07:25:38 DNAT red0 TCP 185.248.12.103 10035 my.ext.ip.add 443
07:25:37 DNAT red0 TCP 188.132.206.111 1090 my.ext.ip.add 443
07:25:36 DNAT red0 TCP 185.248.14.80 17372 my.ext.ip.add 443
07:25:36 DNAT red0 TCP 87.121.22.186 31406 my.ext.ip.add 443
07:25:35 DNAT red0 TCP 195.170.186.76 26239 my.ext.ip.add 443
07:25:35 DNAT red0 TCP 185.34.129.250 14373 my.ext.ip.add 443
07:25:34 DNAT red0 TCP 185.34.130.16 23566 my.ext.ip.add 443
07:25:34 DNAT red0 TCP 185.34.130.239 37193 my.ext.ip.add 443
07:25:33 DNAT red0 TCP 188.132.193.65 6554 my.ext.ip.add 443
07:25:33 DNAT red0 TCP 188.132.193.65 6554 my.ext.ip.add 443
07:25:32 DNAT red0 TCP 203.202.233.62 20093 my.ext.ip.add 443
07:25:31 DNAT red0 TCP 188.125.163.157 31082 my.ext.ip.add 443
07:25:30 DNAT red0 TCP 45.94.7.145 9766 my.ext.ip.add 443
07:25:30 DNAT red0 TCP 45.94.7.87 6666 my.ext.ip.add 443
07:25:28 DNAT red0 TCP 87.121.22.5 62380 my.ext.ip.add 443
07:25:24 DNAT red0 TCP 213.134.12.7 4799 my.ext.ip.add 443
07:25:23 DNAT red0 TCP 94.103.124.10 741 my.ext.ip.add 443
07:25:22 DNAT red0 TCP 185.34.130.138 6182 my.ext.ip.add 443
07:25:22 DNAT red0 TCP 87.121.22.147 21999 my.ext.ip.add 443
07:25:21 DNAT red0 TCP 185.34.130.72 38356 my.ext.ip.add 443
07:25:20 DNAT red0 TCP 185.34.130.25 35195 my.ext.ip.add 443
07:25:20 DNAT red0 TCP 185.34.130.27 22912 my.ext.ip.add 443
07:25:19 DNAT red0 TCP 185.248.12.72 48607 my.ext.ip.add 443
07:25:19 DNAT red0 TCP 188.125.163.199 48846 my.ext.ip.add 443
07:25:19 DNAT red0 TCP 194.4.153.75 31557 my.ext.ip.add 443
07:25:19 DNAT red0 TCP 185.213.170.57 35638 my.ext.ip.add 443
07:25:18 DNAT red0 TCP 194.4.153.70 47643 my.ext.ip.add 443
07:25:17 DNAT red0 TCP 188.132.207.26 56253 my.ext.ip.add 443
07:25:14 DNAT red0 TCP 185.248.13.54 62563 my.ext.ip.add 443
07:25:09 DNAT red0 TCP 185.34.130.146 5506 my.ext.ip.add 443
07:25:08 DNAT red0 TCP 95.141.248.215 58939 my.ext.ip.add 443
07:25:07 DNAT red0 TCP 188.132.207.58 24313 my.ext.ip.add 443
07:25:04 FORWARDFW red0 TCP 213.134.12.98 7545 10.140.12.195 443
07:25:04 DNAT red0 TCP 213.134.12.98 7545 my.ext.ip.add 443
07:25:04 FORWARDFW red0 TCP 194.4.153.137 22587 10.140.12.195 443
07:25:04 DNAT red0 TCP 194.4.153.137 22587 my.ext.ip.add 443
07:25:02 FORWARDFW red0 TCP 45.156.30.147 26960 10.140.12.195 443
07:25:02 DNAT red0 TCP 45.156.30.147 26960 my.ext.ip.add 443
07:25:01 FORWARDFW red0 TCP 213.134.12.68 25240 10.140.12.195 443
07:25:01 DNAT red0 TCP 213.134.12.68 25240 my.ext.ip.add 443
07:25:00 FORWARDFW red0 TCP 195.170.186.199 30715 10.140.12.195 443
07:25:00 DNAT red0 TCP 195.170.186.199 30715 my.ext.ip.add 443
07:25:00 FORWARDFW red0 TCP 188.132.206.6 23875 10.140.12.195 443
07:25:00 DNAT red0 TCP 188.132.206.6 23875 my.ext.ip.add 443
07:24:46 DROP_INPUT red0 TCP 185.248.13.195 23741 my.ext.ip.add 443
07:24:45 DROP_INPUT red0 TCP 188.132.207.253 25828 my.ext.ip.add 443
07:24:43 DROP_INPUT red0 TCP 188.132.206.82 22357 my.ext.ip.add 443
07:24:42 DROP_INPUT red0 TCP 188.132.206.122 4055 my.ext.ip.add 443
07:12:51 DROP_INPUT red0 TCP 188.125.163.44 8765 my.ext.ip.add 443
07:12:50 DROP_INPUT red0 TCP 95.141.248.67 38251 my.ext.ip.add 443
07:12:49 DROP_INPUT red0 TCP 95.141.248.233 61519 my.ext.ip.add 443
07:12:48 DROP_INPUT red0 TCP 188.125.163.117 60177 my.ext.ip.add 443
07:12:47 DROP_INPUT red0 TCP 95.141.248.163 40219 my.ext.ip.add 443
07:12:46 DROP_INPUT red0 TCP 185.213.170.207 19689 my.ext.ip.add 443
07:12:45 DNAT red0 TCP 188.125.163.142 15403 my.ext.ip.add 443
07:12:45 DNAT red0 TCP 185.248.15.79 53078 my.ext.ip.add 443
07:12:42 DNAT red0 TCP 94.103.124.183 42638 my.ext.ip.add 443
07:12:42 DNAT red0 TCP 185.248.12.230 19574 my.ext.ip.add 443
07:12:39 DNAT red0 TCP 185.248.14.140 19096 my.ext.ip.add 443
07:12:39 DNAT red0 TCP 188.132.207.162 44081 my.ext.ip.add 443
07:12:37 DNAT red0 TCP 94.103.124.8 23787 my.ext.ip.add 443
07:12:36 DNAT red0 TCP 94.103.124.28 20544 my.ext.ip.add 443
07:12:35 DNAT red0 TCP 185.34.130.146 25997 my.ext.ip.add 443
07:12:35 DNAT red0 TCP 213.134.12.131 26982 my.ext.ip.add 443
07:12:34 DNAT red0 TCP 95.141.248.173 62255 my.ext.ip.add 443
07:12:33 DNAT red0 TCP 185.248.15.38 10532 my.ext.ip.add 443
07:12:33 DNAT red0 TCP 188.132.207.126 2305 my.ext.ip.add 443
07:12:32 DNAT red0 TCP 213.238.174.212 38103 my.ext.ip.add 443
07:12:31 DNAT red0 TCP 185.213.170.79 20089 my.ext.ip.add 443
07:12:31 DNAT red0 TCP 45.156.31.76 20670 my.ext.ip.add 443
07:12:30 DNAT red0 TCP 188.125.163.17 55064 my.ext.ip.add 443
07:12:29 DNAT red0 TCP 94.103.124.130 64077 my.ext.ip.add 443
07:12:29 DNAT red0 TCP 87.121.22.173 7137 my.ext.ip.add 443
07:12:28 DNAT red0 TCP 87.121.22.219 20729 my.ext.ip.add 443
07:12:28 DNAT red0 TCP 185.34.130.109 17270 my.ext.ip.add 443
07:12:27 DNAT red0 TCP 213.238.174.34 39114 my.ext.ip.add 443
07:12:26 DNAT red0 TCP 87.121.22.157 38116 my.ext.ip.add 443
07:12:24 DNAT red0 TCP 94.103.124.83 35973 my.ext.ip.add 443
07:12:23 DNAT red0 TCP 194.4.153.28 17407 my.ext.ip.add 443
07:12:23 DNAT red0 TCP 188.132.206.96 16581 my.ext.ip.add 443
07:12:21 DNAT red0 TCP 185.213.170.5 61878 my.ext.ip.add 443
07:12:20 DNAT red0 TCP 203.202.233.145 62611 my.ext.ip.add 443
07:12:19 DNAT red0 TCP 95.141.248.168 62073 my.ext.ip.add 443
07:12:18 DNAT red0 TCP 213.134.12.194 8555 my.ext.ip.add 443
07:12:16 DNAT red0 TCP 45.156.30.249 21046 my.ext.ip.add 443
07:12:16 DNAT red0 TCP 45.94.7.194 32002 my.ext.ip.add 443
07:12:16 DNAT red0 TCP 45.156.30.4 27580 my.ext.ip.add 443
07:12:15 DNAT red0 TCP 87.121.22.251 16996 my.ext.ip.add 443
07:12:15 DNAT red0 TCP 95.141.248.247 62267 my.ext.ip.add 443
07:12:13 DNAT red0 TCP 45.156.30.134 49941 my.ext.ip.add 443
07:12:13 DNAT red0 TCP 185.34.130.148 46448 my.ext.ip.add 443
07:12:12 DNAT red0 TCP 185.248.12.154 44836 my.ext.ip.add 443
07:12:12 DNAT red0 TCP 188.132.206.64 18028 my.ext.ip.add 443
07:12:11 DNAT red0 TCP 45.156.30.178 1413 my.ext.ip.add 443
07:12:11 DNAT red0 TCP 185.248.15.41 19108 my.ext.ip.add 443
07:12:10 DNAT red0 TCP 185.34.130.79 21770 my.ext.ip.add 443
07:12:08 DNAT red0 TCP 87.121.22.33 17946 my.ext.ip.add 443
07:12:07 DNAT red0 TCP 185.34.129.240 34738 my.ext.ip.add 443
07:12:05 DNAT red0 TCP 45.94.5.166 64603 my.ext.ip.add 443
07:12:05 DNAT red0 TCP 87.121.22.29 43725 my.ext.ip.add 443
07:12:05 DNAT red0 TCP 185.34.129.171 41754 my.ext.ip.add 443
07:12:03 DNAT red0 TCP 45.156.31.222 45069 my.ext.ip.add 443
07:12:02 DNAT red0 TCP 45.156.31.21 38112 my.ext.ip.add 443
07:12:01 DNAT red0 TCP 188.125.163.203 19205 my.ext.ip.add 443
07:12:01 DNAT red0 TCP 188.132.207.200 50778 my.ext.ip.add 443
07:11:58 DNAT red0 TCP 45.156.31.168 23033 my.ext.ip.add 443
07:11:58 DNAT red0 TCP 188.132.193.24 31686 my.ext.ip.add 443
07:11:57 DNAT red0 TCP 185.248.13.157 60540 my.ext.ip.add 443
07:11:56 DNAT red0 TCP 188.132.206.198 30978 my.ext.ip.add 443
07:11:56 DNAT red0 TCP 203.202.233.193 54248 my.ext.ip.add 443
07:11:55 DNAT red0 TCP 45.94.5.109 10948 my.ext.ip.add 443
07:11:55 DNAT red0 TCP 188.132.206.25 13205 my.ext.ip.add 443
07:11:55 DNAT red0 TCP 87.121.22.211 12988 my.ext.ip.add 443
07:11:54 DNAT red0 TCP 188.125.163.103 37706 my.ext.ip.add 443
07:11:53 DNAT red0 TCP 45.94.7.82 34002 my.ext.ip.add 443
07:11:53 DNAT red0 TCP 95.141.248.130 32331 my.ext.ip.add 443
07:11:52 DNAT red0 TCP 185.34.130.98 8715 my.ext.ip.add 443
07:11:52 DNAT red0 TCP 185.213.170.155 50648 my.ext.ip.add 443
07:11:52 DNAT red0 TCP 185.248.14.86 62026 my.ext.ip.add 443
07:11:51 DNAT red0 TCP 45.156.30.68 47357 my.ext.ip.add 443
07:11:51 DNAT red0 TCP 194.4.153.200 28767 my.ext.ip.add 443
07:11:51 DNAT red0 TCP 94.103.124.179 41699 my.ext.ip.add 443
07:11:50 DNAT red0 TCP 45.156.30.189 7382 my.ext.ip.add 443
07:11:50 DNAT red0 TCP 185.248.14.35 63800 my.ext.ip.add 443
07:11:50 DNAT red0 TCP 185.248.12.53 452 my.ext.ip.add 443
07:11:49 DNAT red0 TCP 188.125.163.112 13555 my.ext.ip.add 443
07:11:48 DNAT red0 TCP 185.248.15.227 29779 my.ext.ip.add 443
07:11:48 DNAT red0 TCP 185.248.13.164 41877 my.ext.ip.add 443
07:11:48 DNAT red0 TCP 185.34.130.61 45408 my.ext.ip.add 443
07:11:46 DNAT red0 TCP 188.132.193.106 64115 my.ext.ip.add 443
07:11:45 DNAT red0 TCP 185.34.129.192 12715 my.ext.ip.add 443
07:11:45 DNAT red0 TCP 94.103.124.200 148 my.ext.ip.add 443
07:11:45 DNAT red0 TCP 213.134.12.163 64953 my.ext.ip.add 443
07:11:44 DNAT red0 TCP 188.125.163.65 6491 my.ext.ip.add 443
07:11:44 DNAT red0 TCP 45.94.7.160 44596 my.ext.ip.add 443
07:11:44 DNAT red0 TCP 95.141.248.1 49330 my.ext.ip.add 443
07:11:41 DNAT red0 TCP 185.34.130.19 41233 my.ext.ip.add 443
07:11:39 DNAT red0 TCP 185.34.129.231 41096 my.ext.ip.add 443
07:11:39 DNAT red0 TCP 94.103.124.74 57874 my.ext.ip.add 443
07:11:38 DNAT red0 TCP 195.170.186.103 54928 my.ext.ip.add 443
07:11:35 DNAT red0 TCP 185.248.13.121 59333 my.ext.ip.add 443
07:11:32 DNAT red0 TCP 185.248.15.123 36534 my.ext.ip.add 443
07:11:32 DNAT red0 TCP 185.34.130.35 53888 my.ext.ip.add 443
07:11:32 DNAT red0 TCP 87.121.22.41 3433 my.ext.ip.add 443
07:11:32 DNAT red0 TCP 185.34.129.8 35461 my.ext.ip.add 443
07:11:31 DNAT red0 TCP 94.103.124.28 64259 my.ext.ip.add 443
07:11:31 DNAT red0 TCP 45.94.7.159 31049 my.ext.ip.add 443
07:11:31 DNAT red0 TCP 45.156.30.207 61613 my.ext.ip.add 443
07:11:31 DNAT red0 TCP 203.202.233.208 26739 my.ext.ip.add 443
07:11:30 DNAT red0 TCP 185.34.130.133 33560 my.ext.ip.add 443
07:11:30 DNAT red0 TCP 185.248.13.220 61610 my.ext.ip.add 443
07:11:27 DNAT red0 TCP 188.125.163.7 3186 my.ext.ip.add 443
07:11:26 DNAT red0 TCP 45.94.5.198 58074 my.ext.ip.add 443
07:11:26 DNAT red0 TCP 87.121.22.250 58700 my.ext.ip.add 443
07:11:25 DNAT red0 TCP 94.103.124.176 6391 my.ext.ip.add 443
07:11:24 DNAT red0 TCP 185.34.129.161 42657 my.ext.ip.add 443
07:11:24 DNAT red0 TCP 185.34.130.135 8271 my.ext.ip.add 443
07:11:23 DNAT red0 TCP 185.34.130.183 10262 my.ext.ip.add 443
07:11:21 DNAT red0 TCP 45.94.7.71 27495 my.ext.ip.add 443
07:11:21 DNAT red0 TCP 213.238.174.104 13627 my.ext.ip.add 443
07:11:21 DNAT red0 TCP 213.238.174.95 35338 my.ext.ip.add 443
07:11:20 DNAT red0 TCP 95.141.248.116 22795 my.ext.ip.add 443
07:11:20 DNAT red0 TCP 94.103.124.47 40390 my.ext.ip.add 443
07:11:18 DNAT red0 TCP 188.125.163.12 20337 my.ext.ip.add 443
07:11:17 DNAT red0 TCP 195.170.186.192 33 my.ext.ip.add 443
07:11:16 DNAT red0 TCP 185.248.12.4 50974 my.ext.ip.add 443
07:11:16 DNAT red0 TCP 203.202.233.145 46229 my.ext.ip.add 443
07:11:15 DNAT red0 TCP 45.156.31.65 45146 my.ext.ip.add 443
07:11:15 DNAT red0 TCP 185.34.129.174 49966 my.ext.ip.add 443
07:11:15 DNAT red0 TCP 185.34.129.49 55535 my.ext.ip.add 443
07:11:14 DNAT red0 TCP 185.34.129.222 32785 my.ext.ip.add 443
07:11:14 DNAT red0 TCP 188.132.193.208 64284 my.ext.ip.add 443
07:11:13 DNAT red0 TCP 185.248.13.123 35374 my.ext.ip.add 443
07:11:13 DNAT red0 TCP 185.248.14.244 46132 my.ext.ip.add 443
07:11:12 DNAT red0 TCP 188.132.206.70 60675 my.ext.ip.add 443
07:11:12 DNAT red0 TCP 185.213.170.241 45998 my.ext.ip.add 443
07:11:10 DNAT red0 TCP 45.156.31.35 37313 my.ext.ip.add 443
07:11:10 DNAT red0 TCP 188.132.206.166 7937 my.ext.ip.add 443
07:11:08 DNAT red0 TCP 95.141.248.249 62314 my.ext.ip.add 443
07:11:08 DNAT red0 TCP 188.132.207.87 51721 my.ext.ip.add 443
07:11:08 DNAT red0 TCP 188.132.206.159 47964 my.ext.ip.add 443
07:11:07 DNAT red0 TCP 213.134.12.33 35476 my.ext.ip.add 443
07:11:06 DNAT red0 TCP 45.156.31.3 59850 my.ext.ip.add 443
07:11:05 DNAT red0 TCP 95.141.248.175 33261 my.ext.ip.add 443
07:11:05 DNAT red0 TCP 188.132.193.143 28946 my.ext.ip.add 443
07:11:02 DNAT red0 TCP 203.202.233.219 5518 my.ext.ip.add 443
07:11:02 DNAT red0 TCP 185.34.130.215 41123 my.ext.ip.add 443
07:11:00 DNAT red0 TCP 188.125.163.70 58912 my.ext.ip.add 443
07:11:00 DNAT red0 TCP 185.248.12.216 35834 my.ext.ip.add 443
07:10:58 DNAT red0 TCP 213.238.174.16 62942 my.ext.ip.add 443
07:10:58 DNAT red0 TCP 94.103.124.73 39089 my.ext.ip.add 443
07:10:58 DNAT red0 TCP 188.132.193.251 4885 my.ext.ip.add 443
07:10:56 DNAT red0 TCP 188.125.163.127 59964 my.ext.ip.add 443
07:10:56 DNAT red0 TCP 87.121.22.163 33259 my.ext.ip.add 443
07:10:56 DNAT red0 TCP 45.94.5.18 44290 my.ext.ip.add 443
07:10:54 DNAT red0 TCP 45.94.7.14 58514 my.ext.ip.add 443
07:10:54 DNAT red0 TCP 188.132.193.254 47735 my.ext.ip.add 443
07:10:53 DNAT red0 TCP 94.103.124.243 4974 my.ext.ip.add 443
07:10:53 DNAT red0 TCP 45.94.7.226 38567 my.ext.ip.add 443
07:10:53 DNAT red0 TCP 45.94.7.119 32195 my.ext.ip.add 443
07:10:52 DNAT red0 TCP 185.248.13.200 9034 my.ext.ip.add 443
07:10:51 DNAT red0 TCP 87.121.22.52 38401 my.ext.ip.add 443
07:10:50 DNAT red0 TCP 185.248.15.180 50320 my.ext.ip.add 443
07:10:48 DNAT red0 TCP 188.132.207.47 29297 my.ext.ip.add 443
07:10:48 DNAT red0 TCP 185.248.13.52 32218 my.ext.ip.add 443
07:10:46 DNAT red0 TCP 87.121.22.109 42417 my.ext.ip.add 443
07:10:46 DNAT red0 TCP 188.125.163.1 59783 my.ext.ip.add 443
07:10:45 DNAT red0 TCP 45.156.31.253 58419 my.ext.ip.add 443
07:10:45 DNAT red0 TCP 213.134.12.223 64797 my.ext.ip.add 443
07:10:45 DNAT red0 TCP 194.4.153.83 64797 my.ext.ip.add 443
07:10:44 DNAT red0 TCP 45.156.31.13 64765 my.ext.ip.add 443
07:10:43 DNAT red0 TCP 185.248.13.72 39189 my.ext.ip.add 443
07:10:42 DNAT red0 TCP 45.156.30.157 30869 my.ext.ip.add 443
07:10:40 DNAT red0 TCP 188.125.163.62 16569 my.ext.ip.add 443
07:10:40 DNAT red0 TCP 45.156.31.30 35503 my.ext.ip.add 443
07:10:37 DNAT red0 TCP 188.125.163.90 10887 my.ext.ip.add 443
07:10:36 DNAT red0 TCP 45.156.30.72 50356 my.ext.ip.add 443
07:10:36 DNAT red0 TCP 213.134.12.65 47878 my.ext.ip.add 443
07:10:34 DNAT red0 TCP 203.202.233.31 9834 my.ext.ip.add 443
07:10:33 DNAT red0 TCP 185.34.129.101 22583 my.ext.ip.add 443
07:10:31 DNAT red0 TCP 194.4.153.164 31431 my.ext.ip.add 443
07:10:31 DNAT red0 TCP 185.213.170.32 39071 my.ext.ip.add 443
07:10:30 DNAT red0 TCP 185.34.129.20 2579 my.ext.ip.add 443
07:10:29 DNAT red0 TCP 45.94.7.214 24013 my.ext.ip.add 443
07:10:29 DNAT red0 TCP 188.132.206.188 3559 my.ext.ip.add 443
07:10:27 DNAT red0 TCP 45.94.7.146 50960 my.ext.ip.add 443
07:10:26 DNAT red0 TCP 185.34.129.212 51945 my.ext.ip.add 443
07:10:26 DNAT red0 TCP 185.248.15.21 41040 my.ext.ip.add 443
07:10:26 DNAT red0 TCP 185.248.12.124 2184 my.ext.ip.add 443
07:10:26 DNAT red0 TCP 188.132.207.205 64694 my.ext.ip.add 443
07:10:24 DNAT red0 TCP 194.4.153.36 23609 my.ext.ip.add 443
07:10:23 DNAT red0 TCP 45.156.31.136 40047 my.ext.ip.add 443
07:10:22 DNAT red0 TCP 95.141.248.62 29935 my.ext.ip.add 443
07:10:21 DNAT red0 TCP 45.94.7.98 6469 my.ext.ip.add 443
07:10:19 DNAT red0 TCP 45.156.31.144 11650 my.ext.ip.add 443
07:10:18 DNAT red0 TCP 203.202.233.142 46730 my.ext.ip.add 443
07:10:18 DNAT red0 TCP 188.125.163.244 9116 my.ext.ip.add 443
07:10:18 DNAT red0 TCP 185.213.170.208 5245 my.ext.ip.add 443
07:10:17 DNAT red0 TCP 188.125.163.66 27876 my.ext.ip.add 443
07:10:17 DNAT red0 TCP 185.34.129.111 435 my.ext.ip.add 443
07:10:16 DNAT red0 TCP 94.103.124.54 22598 my.ext.ip.add 443
07:10:15 DNAT red0 TCP 45.94.7.62 9071 my.ext.ip.add 443
07:10:15 DNAT red0 TCP 188.132.207.36 53241 my.ext.ip.add 443
07:10:13 DNAT red0 TCP 45.156.30.107 40576 my.ext.ip.add 443
07:10:12 DNAT red0 TCP 188.132.206.248 42900 my.ext.ip.add 443
07:10:10 DNAT red0 TCP 185.34.130.196 59317 my.ext.ip.add 443
07:10:09 DNAT red0 TCP 185.248.13.168 9827 my.ext.ip.add 443
07:10:08 DNAT red0 TCP 95.141.248.75 32467 my.ext.ip.add 443
07:10:07 DNAT red0 TCP 185.248.14.125 64499 my.ext.ip.add 443
07:10:05 DNAT red0 TCP 213.134.12.172 44838 my.ext.ip.add 443
07:10:05 DNAT red0 TCP 87.121.22.83 41992 my.ext.ip.add 443
07:10:04 DNAT red0 TCP 185.34.130.39 38610 my.ext.ip.add 443
07:10:01 DNAT red0 TCP 185.248.12.90 28283 my.ext.ip.add 443
07:10:01 DNAT red0 TCP 87.121.22.251 63249 my.ext.ip.add 443
07:09:59 DNAT red0 TCP 188.132.193.207 32008 my.ext.ip.add 443
07:09:57 DNAT red0 TCP 95.141.248.209 12735 my.ext.ip.add 443
07:09:55 DNAT red0 TCP 45.94.5.85 37309 my.ext.ip.add 443
07:09:55 DNAT red0 TCP 45.94.5.175 58549 my.ext.ip.add 443
07:09:55 DNAT red0 TCP 45.156.30.116 44404 my.ext.ip.add 443
07:09:54 DNAT red0 TCP 188.132.207.18 57972 my.ext.ip.add 443
07:09:53 DNAT red0 TCP 185.248.12.229 11986 my.ext.ip.add 443
07:09:51 DNAT red0 TCP 185.248.13.79 27145 my.ext.ip.add 443
07:09:49 DNAT red0 TCP 45.94.7.171 2205 my.ext.ip.add 443
07:09:49 DNAT red0 TCP 45.156.30.239 18571 my.ext.ip.add 443
07:09:48 DNAT red0 TCP 213.238.174.239 43882 my.ext.ip.add 443
07:09:47 DNAT red0 TCP 185.248.15.109 14606 my.ext.ip.add 443
07:09:47 DNAT red0 TCP 87.121.22.218 65047 my.ext.ip.add 443
07:09:47 DNAT red0 TCP 185.248.15.74 58020 my.ext.ip.add 443
07:09:46 DNAT red0 TCP 185.248.12.175 30257 my.ext.ip.add 443
07:09:46 DNAT red0 TCP 45.156.31.38 24507 my.ext.ip.add 443
07:09:45 DNAT red0 TCP 188.132.193.208 36201 my.ext.ip.add 443
07:09:44 DNAT red0 TCP 185.248.14.241 11088 my.ext.ip.add 443
07:09:43 DNAT red0 TCP 213.134.12.79 40213 my.ext.ip.add 443
07:09:42 DNAT red0 TCP 185.213.170.229 17414 my.ext.ip.add 443
07:09:41 DNAT red0 TCP 45.94.5.87 37156 my.ext.ip.add 443
07:09:41 DNAT red0 TCP 45.94.7.77 58798 my.ext.ip.add 443
07:09:36 DNAT red0 TCP 45.94.7.62 14188 my.ext.ip.add 443
07:09:35 DNAT red0 TCP 95.141.248.195 39918 my.ext.ip.add 443
07:09:33 DNAT red0 TCP 185.213.170.121 48226 my.ext.ip.add 443
07:09:29 DNAT red0 TCP 185.213.170.65 7275 my.ext.ip.add 443
07:09:27 DNAT red0 TCP 188.132.206.166 35640 my.ext.ip.add 443
07:09:27 DNAT red0 TCP 195.170.186.50 42345 my.ext.ip.add 443
07:09:26 DNAT red0 TCP 45.156.30.125 59891 my.ext.ip.add 443
07:09:26 DNAT red0 TCP 45.156.30.170 9147 my.ext.ip.add 443
07:09:26 DNAT red0 TCP 45.94.7.223 7699 my.ext.ip.add 443
07:09:25 DNAT red0 TCP 185.248.14.7 27909 my.ext.ip.add 443
07:09:25 DNAT red0 TCP 213.134.12.123 1035 my.ext.ip.add 443
07:09:24 DNAT red0 TCP 45.94.7.196 24110 my.ext.ip.add 443
07:09:24 DNAT red0 TCP 45.94.7.195 45673 my.ext.ip.add 443
07:09:24 DNAT red0 TCP 94.103.124.142 54093 my.ext.ip.add 443
07:09:23 DNAT red0 TCP 45.156.31.208 18734 my.ext.ip.add 443
07:09:21 DNAT red0 TCP 213.238.174.29 7878 my.ext.ip.add 443
07:09:21 DNAT red0 TCP 188.125.163.168 41940 my.ext.ip.add 443
07:09:21 DNAT red0 TCP 45.156.30.231 41181 my.ext.ip.add 443
07:09:21 DNAT red0 TCP 185.34.130.204 42470 my.ext.ip.add 443
07:09:20 DNAT red0 TCP 45.156.30.31 36771 my.ext.ip.add 443
07:09:20 DNAT red0 TCP 185.34.130.140 20932 my.ext.ip.add 443
07:09:19 DNAT red0 TCP 195.170.186.80 37757 my.ext.ip.add 443
07:09:19 DNAT red0 TCP 194.4.153.211 40789 my.ext.ip.add 443
07:09:19 DNAT red0 TCP 45.156.31.156 62495 my.ext.ip.add 443
07:09:17 DNAT red0 TCP 188.132.193.180 53640 my.ext.ip.add 443
07:09:17 DNAT red0 TCP 185.213.170.171 40769 my.ext.ip.add 443
07:09:16 DNAT red0 TCP 188.132.193.117 34494 my.ext.ip.add 443
4

07:30:58 DNAT IN=red0 OUT= MAC=3c:ec:ef:4b:ec:26:02:00:00:00:00:04:08:00 SRC=185.248.13.93 DST=my.ext.ip.add LEN=52 TOS=0x00 PREC=0x00 TTL=245 ID=23741 DF PROTO=TCP SPT=61006 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0

5

Are all the IP’s malicious or does it include good traffic as well?

I noticed that all IP’s are originating from the same ISP Atlantis and same ASN AS204457

image
image609×384 14.6 KB

Cloudflare statslook pretty horrendous:

image
image941×592 23.5 KB

6

Hi Peppe, I don’t think there is non malicious traffic involved. Is it perhaps good to contact the abuse admin(s) there?

7

Yes definitely let them know about the abuse. and hope they will do something about it

8

You might be able to block the whole IP range for ISP Atlantis, just have to figure out how to setup the Firewall Rule

# -------------------------------------------------------
# Free IP2Location Firewall List by ASN
# Source: https://www.ip2location.com/free/visitor-blocker-asn
# Last Generated: 08 Jan 2026 07:40:52 GMT
# [Important] Please update this list every month
# -------------------------------------------------------
45.94.5.0/24
45.94.7.0/24
45.156.30.0/24
45.156.31.0/24
87.121.22.0/24
94.103.124.0/24
95.141.248.0/24
185.34.129.0/24
185.34.130.0/24
185.248.12.0/24
185.248.13.0/24
185.248.14.0/24
185.248.15.0/24
188.125.163.0/24
194.4.153.0/24
195.170.186.0/24
213.134.12.0/24
213.238.174.0/24
1 Like
9

I created a network group based on the networks above and added a firewall rule on top of my ruleset:

Protocol: All
Source: ASN Blacklist
Log: yes
Destination: RED
REJECT

and it still shows FORWARDFW’s in the logs. Is the rule valid?

[EDIT] Seems to work but REJECTS seem not to be logged.

1 Like
10

Good question, I am not sure, but you could also try DROP instead of Reject.

11

:thinking: Maybe the informations on the following pages will help you decide whether to drop or reject.

edit
https://www.baeldung.com/linux/iptables-reject-vs-drop

Regards

3 Likes
12

Excellent point., one of the consequences of DoS is that your firewall has to keep up with the responses, and rejecting a packet gets taxing. It’s not even worth to respond to a DoS packet, so I like DROP.

Another issue will be 40 000 + entries in your logs, so keep the firewall cool and check on your flash storage health..

2 Likes
14

The requests seem to come from following ASN’s:

AS204457, AS210538, AS205570, AS209604, AS209474, AS205733, AS215027, AS216084.

However, when I close port 443 on iPFire, the traffic stops immediately, when I open it again, Port 443 requests start immediately again, independently if or if not the DMZ server in Orange is online; so I assume this one is not causing those requests.

Isn’t that a bit strange? Shouldn’t the logs continue with DROPs instead of silence? How do they know the firewall ports are closed?

[Edit] Ok, it seems that the DROPs are not logged, dependent on the firewall state. I’ve now disabled location block and enabled a specific country list covering my home country only at the moment and the logs are calm now.

15

Thanks for the follow-up, @firewire .

Did you reported at these ASs abuse email address your situation?

16

Good morning Pike, I’ve reported for two ASN’s yet. The latter from today morning, AS209604 5.10.223.0/24, is presumably located in Germany, so I just tried there with (filtered) text logs attached. However, the other one directly located in Turkey from yesterday didn’t report back anything yet.

Amazon AWS is much better with these types of inquiries. I’ve had request floods two times from there and they mitigated within 24 hours each after reporting.

17

Yey …

grafik
grafik1005×228 31.3 KB

Seems I’ve got some pretty good friends …

[Edit]

For those whom this may be of interest, my mitigaton list:

Name Network address Remark
AS204457_1 194.4.153.0/24
AS204457_2 45.94.7.0/24
AS204457_3 45.94.5.0/24
AS204457_4 185.248.13.0/24
AS204457_5 185.34.130.0/24
AS204457_6 45.156.31.0/24
AS210538_1 31.42.127.0/24
AS204457_8 45.156.30.0/24
AS204457_9 94.103.124.0/24
AS204457_10 185.248.14.0/24
AS204457_11 185.248.12.0/24
AS204457_12 188.125.163.0/24
AS204457_13 213.238.174.0/24
AS205570_1 91.151.90.0/24
AS205570_2 185.18.120.0/24
AS205570_3 185.213.170.0/24
AS205570_4 188.132.193.0/24
AS205570_5 188.132.206.0/24
AS205570_6 188.132.207.0/24
AS205570_7 203.202.233.0/24
AS204457_14 87.121.22.0/24
AS204457_15 95.141.248.0/24
AS204457_16 185.34.129.0/24
AS204457_17 185.248.15.0/24
AS204457_18 195.170.186.0/24
AS204457_19 213.134.12.0/24
AS210538_2 31.57.33.0/24
AS210538_3 31.57.77.0/24
AS210538_4 31.57.154.0/24
AS210538_5 31.57.156.0/24
AS210538_6 31.57.187.0/24
AS210538_7 31.58.91.0/24
AS210538_8 45.87.173.0/24
AS210538_9 45.133.36.0/24
AS210538_10 45.155.124.0/24
AS210538_11 82.153.241.0/24
AS210538_12 87.248.157.0/24
AS210538_13 89.47.113.0/24
AS210538_14 93.177.100.0/22
AS210538_15 94.154.32.0/24
AS210538_16 94.154.34.0/24
AS210538_17 94.154.46.0/24
AS210538_18 141.11.109.0/24
AS210538_19 178.208.187.0/24
AS210538_20 179.61.147.0/24
AS210538_21 185.169.180.0/24
AS210538_22 193.164.4.0/24
AS210538_23 193.164.6.0/24
AS210538_24 193.164.7.0/24
AS210538_25 194.105.5.0/24
AS209604_1 5.10.223.0/24
AS209604_2 5.144.177.0/24
AS209604_3 23.230.139.0/24
AS209604_4 45.38.149.0/24
AS209604_5 45.38.190.0/24
AS209604_6 45.38.210.0/24
AS209604_7 45.39.103.0/24
AS209604_8 45.39.241.0/24
AS209604_10 45.39.253.0/24 AS209604 - 2E TELEKOMUNIKASYON LTD STI
AS209604_11 45.155.125.0/24
AS209604_12 46.229.250.0/24
AS209604_13 72.18.67.0/24
AS209604_14 89.45.45.0/24
AS209604_16 93.114.183.0/24
AS209604_17 93.115.10.0/24
AS45090_1 154.8.128.0/17 AS45090 - Shenzhen Tencent Computer Systems Company Limited
AS4134_1 117.80.0.0/12 AS4134 - Chinanet Backbone
AS9121_1 195.174.0.0/15
AS209604_21 104.252.72.0/24
AS209604_22 185.73.127.0/24
AS209604_23 185.93.68.0/24
AS209604_24 185.93.69.0/24
AS209604_25 185.93.70.0/24
AS209604_26 185.132.126.0/24
AS209604_27 185.255.92.0/24
AS209604_28 185.255.93.0/24
AS209604_29 185.255.94.0/24
AS209604_30 185.255.95.0/24
AS209604_31 194.36.85.0/24
AS209604_32 208.92.224.0/24
AS209604_33 208.92.225.0/24
AS209474_1 91.124.63.0/24
AS209474_2 146.103.26.0/24
AS209474_3 194.113.226.0/24
AS205733_1 31.56.213.0/24
AS205733_2 31.57.134.0/24
AS205733_3 45.8.172.0/24
AS205733_4 45.94.171.0/24 AS205733 - HOSTIFOX INTERNET VE BILISIM HIZMETLERI TICARET SANAYI LIMITED SIRKETI
AS205733_5 95.134.70.0/24
AS205733_6 149.62.40.0/24
AS205733_7 163.5.168.0/24
AS205733_8 178.92.255.0/24
AS205733_9 194.116.228.0/24
AS215027_1 38.76.35.0/24
AS215027_2 45.131.3.0/24
AS215027_3 46.37.115.0/24
AS215027_4 46.102.237.0/24
AS215027_5 185.255.4.0/24
AS216084_1 5.83.155.0/24
AS216084_2 185.34.101.0/24
AS216084_3 185.211.100.0/24
AS213658_1 185.130.102.0/24
AS4134_2 123.96.0.0/16 AS4134 - Chinanet Backbone
AS45090_2 49.232.0.0/14 AS45090 - Shenzhen Tencent Computer Systems Company Limited
AS137718_1 115.190.0.0/15 AS137718 - Beijing Volcano Engine Technology Co Ltd.
AS132203_1 129.226.128.0/20 AS132203 - Shenzhen Tencent Computer Systems Company Limited
AS7922_1 98.32.0.0/11 AS7922 - Comcast Cable Communications LLC
AS4134_3 125.112.0.0/12 AS4134 - Chinanet Backbone
AS4837_1 39.64.0.0/11 AS4837 - CHINA UNICOM China169 Backbone
AS4134_4 59.62.0.0/15 AS4134 - Chinanet Backbone
AS4134_5 223.198.0.0/15 AS4134 - Chinanet Backbone
AS201814_1 194.180.49.0/24 AS201814 - MEVSPACE sp z oo
AS132203_2 43.129.64.0/18 AS132203 - Shenzhen Tencent Computer Systems Company Limited
18

I don’t understand the Problem. Attacks happen everywhere every Day, especially on port 443/HTTPS – isn’t it the job of a Firewall to block them? If you offer services on TCP port 443, some people will try to get in

Much ado about nothing ^^

You’re fighting Windmills there – if you want to report every IP Range, you’ll be doing nothing else for the next few Months

1 Like
19

Everyone has right to have own opinion, howewer.

On some sort of status description, you’re close to be correct on every point.
but on this one

in my opinion you got a blatant “miss”.
While run by some hardware, firewall distros are software, and every feature can be configured to log, diagnose, react (or not) to behaviours outside own network, the big bad messy and hostile internet.
Therefore is firewall admin job to create monitors, review logs, do evaluation and… act for reducing attack surface or disable possible bad threats to coming in or create issues.
So if it’s not intende port 443 to be accessed outside specific countries, why not avoiding “unnecessary noise” outside the expected traffic source?

IMVHO this is not true for the most part.
It’s a tiring game to report the range to range owners, that might (or not) consider to terminate contract with customers that are behaving… bad. Probably bad actors will find other services to rent (there’s everywhere in the world someone looking for more money) but if the customer will cost more money for managing issues than revenues? Who knows?

Not reporting and not reacting will create, in time, more troubles. Sometimes uncalled.

20

Sure you are right. From my perspective I do not feel comfortable with logs covering ten thousands of entries per day. So I created this mitigation list to avoid heavy logging (hits part of this list are not logged). My web site in the DMZ has usually two or three hits a day including crawlers so I’m sure you can feel after my fears to becoming a possible member of a Turkish botnet.

21

Funny, now they added some single Amazon AWS IP’s from India and other Turkish subnets spamming me full with port 443 requests …

[Update]

Interesting, I must correct myself. AWS India stopped late this afternoon; other EU countries as well. Looks like as if Turkey and some related countries (the US, for example) remain. :popcorn: