Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 1077 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Portscans from ec2-54-....-12.compute-1.amazonaws.com

martin_sh

Hello,

I have created a "black hole" that I update with IPs received from Portscan notifications. I have done this in the last two or three years. Recently,  I noticed most of IPs are coming from compute-1.amazonaws.com, i.e.,

Source IP address: 54.92.255.12 (ec2-54-92-255-12.compute-1.amazanaws.com

I have Alexa at home. I noticed that as soon as I blacklist those IPs I receive more Portscan notifications. Then Alexa complains it has trouble to connect to Internet.

I am wondering if this is related to Alexa services. Any thoughts?

Thank you,

Martin



This thread was automatically locked due to age.
Parents

  • My personal experience with port scans from AWS is that they come from reputable companies that are "mapping" the Internet.  Every time they scan, it comes from a different AWS IP, so trying whack-a-mole with a blackhole rule won't succeed.  You might forward the portscan alert to abuse@amazonaws.com. You will want to include your time zone, the line from the Intrusion Prevention log related to the alert and a request to ask their customer to cease port scanning your IP.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • in reply to BAlfson

    Thank you Bob,

    Thank you for your clarification! It was very helpful to clear my confusion on aws services as related to portscans.

    Thank you,

    Martin

Reply Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?