I read about GeoIP blocking in the Hardening Guide and decided to take a look at the firewall logs and the by-country graph. For January through November, I saw mostly the usual suspects (China, Russia). But so far in December, almost 70% of the hits have come from…Germany! It’s two addresses in particular which have been hitting me up every 30 seconds or so, 24/7. They are targeting a random range of high-number ports (in the 30,000s).
I’m just curious to see if anyone else has noticed similar activity - thanks.
–Stu