I've been getting port scanned by one particular IP that resolves to a block in China and was going to configure a black hole route to deal with the constant scans. Would I need to create a network definition for that IP / IP range and black hole that, or is there another way this should be done?
Incidentally the IP is 60.173.11.56 , I've gone over every thing inside my network to try to find anything residing there that might be causing the scans but I've come up with nothing, as far as I can tell there's no evidence of malware that may be causing this.
This thread was automatically locked due to age.
