Anyone seeing a lot of dropped connection from Amazon?
It has been couple of days I've seen a lot of inbound connection attempts from Amazon addresses. Mainly AMAZON-IAD, AMAZON-GRU, AMAZON-BRA.
I cannot figure out why. They look like port scanning. I cannot find any outbound traffic to these addresses. All connections are of course dropped but they fill up my logfiles. I found out from AbuseIPDB site that others are seeing this also.
Anyone to shed some light on this?
0
Sign In to comment.
Answers
Pls see the attachment for TOP 50 denied during 24 hrs
Hi @Juuso
I'd suggest making sure you have services like Botnet and IPS turned on. If you continue to see this type of traffic, consider opening a support case so a support technician can help.
-James Carson
WatchGuard Customer Support
Both are are on and all traffic from these addresses was denied. Also only inbound traffic, no outbound so nothing was initiated from our end. I'll wait for couple of days and see if there is any change and consider reporting after that.
I reported the addresses to Amazon and got superfast answer that addresses are used by their customers and they will release an investigation on this.
I also made a thorough look over my logfiles and the traffic is really pure port scanning.
I am still interested if anybody has seen traffic like this.