German Traffic?

stualden · 19 December 2019 15:28

I read about GeoIP blocking in the Hardening Guide and decided to take a look at the firewall logs and the by-country graph. For January through November, I saw mostly the usual suspects (China, Russia). But so far in December, almost 70% of the hits have come from…Germany! It’s two addresses in particular which have been hitting me up every 30 seconds or so, 24/7. They are targeting a random range of high-number ports (in the 30,000s).

I’m just curious to see if anyone else has noticed similar activity - thanks.

–Stu

anon42188109 · 19 December 2019 15:51

I look up the ip’s, find the relevant abuse@ contact email and send them an email that such and such ip from your network is hitting me every 30 seconds, 24/7. It usually stops after a while.

arne_f · 19 December 2019 15:59

Looks like some russian companies use german adresses now.

45.136.109.xxx and 45.136.110.xxx are registered to Comtrade LLC as german addresses. But comtrade is also a russian ISP.

stualden · 19 December 2019 16:44

Ah-ha. Yes, I’m being hit by 45.136.109.xxx. I’ll send an email, for what it’s worth. Thank you!