aCOSwt's questions -server

aCOSwt

Asked: 2018-08-31 03:32:36 +0800 CST

how can so called "unallocated" IP adresses appear in web logs?

My server is currently experiencing some web app attack to which miscellaneous IPv6 addresses are participating.

Several of these addresses are said belonging to so called unallocated networks

None of these addresses are currently being report on the major lists of dirty IPs

As an example of these : 2002:d15a:e1c3::d15a:e1c3 The remarks section of the whois notes : This object is here for Database consistency.

How can this be possible ? Is it worth blacklisting ?

aCOSwt

Asked: 2018-08-04 01:39:18 +0800 CST

As part of my Apache logs, I can frequently observe a sequence of consecutive GET like :

46.235.158.196 - Requesting a file
Some other host requesting the exact same file within the same second with the same user agent

Being said that :

46.235.158.196 is said belonging to Symantec
But said by the SpamHaus infected or NATing for a computer infected with matsnu
The other host IP varies but is systematically owned by one or another reknown institution

I am wondering wether it is a legal protection service from symantec or a sign that the other host is infected or NATing too ?