This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking Amazon EC2 Traffic

Hello,

For the past two weeks my servers has been under constant attack by bots running on Amazon's EC2 infrastructure. None of my servers warrant access from a cloud platform like EC2 or Azure, so I'm considering blocking all incoming requests from EC2 since attacks happen from numerous servers in numerous countries.

The problem is that there is a ton of IP addresses involved. I can spend my whole Sunday entering each IP address range manually (and see a network definition for each of them, clobbering my network definitions).

Is there a better way to import those IP ranges and not have each IP range be a separate network definition in the UTM?

I'm running Release 9.103-5.

Thanks,
Werner

This thread was automatically locked due to age.

0 William Warren over 12 years ago

keep in mind some of sophos updates come from amazon. Could you post the logs of these attacks?
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 12 years ago

Hi, you can often group network defs into SuperNets; e.g. a bunch of /24's might be group-able into a /16 or even a /8.

Make sure you block inbound only, so as not to interfere with updates and access to web sites on EC2.

Barry
Cancel
Vote Up 0 Vote Down

Cancel