[105393] in North American Network Operators' Group
Re: Intrustion attempts from Amazon EC2 IPs
daemon@ATHENA.MIT.EDU (Jon Lewis)
Sun Jun 22 11:11:18 2008
Date: Sun, 22 Jun 2008 11:09:00 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: "Paul Kelly :: Blacknight" <paul@blacknight.com>
In-Reply-To: <D175CB0A04FE634587DA0987F3C423101ECFC1E1D7@iddawg.blacknight.local>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org
On Sun, 22 Jun 2008, Paul Kelly :: Blacknight wrote:
> Have any of you recently noticed a lot of ssh scanning coming from
> amazons EC "cloud" IP blocks?
>
> Today alone I've seen approx 4m attempts from EC2 IPs on just 20 nodes
> on our network.
That's not too surprising, since any unix-like system that gets
compromised can make a handy platform for extending the hacker's
collection.
> Has anyone any experience with Amazons abuse people?
Yeah, if you can call them that. There is no abuse coming from Amazon's
EC2 cluster. I got the impression the only thing Amazon considers abuse
is use of their servers and not paying the bill. If you're a paying
customer, you can do whatever you like.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
