Ping a Specific Port

Question

A X

Asked: 2020-09-12 15:27:20 +0800 CST2020-09-12 15:27:20 +0800 CST 2020-09-12 15:27:20 +0800 CST

Attacker using "single use IPs" to generate large volumes of robotic traffic that is hard to block

772

Currently there is some wierd traffic on a HTTP server from lots of different IPs. I tried checking against known TOR exit nodes, but there were no matches.

They tend to be from countries in South America and Africa. However, none of the IPs are the same. So I'm not sure how the attacker is able to use so many different IPs, each IP only one time.

Does anyone know how an attacker might be able to get "single use IPs"? Perhaps they are from some sort of rented botnet? If so, is there an easy way I can check these IPs against a list of known threat IPs?

Any help would be greatly appreciated.

1 Answers

Voted

Jose Perez · Answer 1 · 2020-09-12T18:44:42+08:00

Jose Perez

2020-09-12T18:44:42+08:002020-09-12T18:44:42+08:00

If you don't need traffic or have clients from this country you should block the traffic based on the country if it is possible.

1

Attacker using "single use IPs" to generate large volumes of robotic traffic that is hard to block

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?