I read about GeoIP blocking in the Hardening Guide and decided to take a look at the firewall logs and the by-country graph. For January through November, I saw mostly the usual suspects (China, Russia). But so far in December, almost 70% of the hits have come from…Germany! It’s two addresses in particular which have been hitting me up every 30 seconds or so, 24/7. They are targeting a random range of high-number ports (in the 30,000s).
I’m just curious to see if anyone else has noticed similar activity - thanks.
I look up the ip’s, find the relevant abuse@ contact email and send them an email that such and such ip from your network is hitting me every 30 seconds, 24/7. It usually stops after a while.