Hi, if you have any logs of traffic from the following subnets to your infrastructure and you are able to share them, could you?
- 61.174.51.0/24 (although I'll take /16)
- 218.2.0.0/24
- 122.225.0.0/16
- 112.101.64.0/24
- 103.41.124.0/24
- 61.240.144.0/24
If you can't share logs or packets, maybe you could send me a source IP and destination port (just use the contact form or send them directly to markh.isc (at) gmail.com).
The above are all active on SSH and DNS. I'm just trying to see if there is anything else and, if so, what and in which part of the world.
Regards
Mark
NOTE: Thanks for all the info so far, very much appreciated, keep it coming. If sending a file, please email it directly to markh.isc (at) gmail.com, as the contact form file facility is having a challenge. It is being looked at, but in the meantime please use the email address.
Thanks M
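One way to pull the requested source IP and destination port pairs out of your own firewall logs, as an added example that is not part of the original diary entry. It assumes netfilter/iptables-style LOG lines carrying `SRC=`, `PROTO=` and `DPT=` fields; the sample lines and the `summarize` and `report` helpers are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Subnets listed in the request above.
WATCHED = [ipaddress.ip_network(n) for n in (
    "61.174.51.0/24", "218.2.0.0/24", "122.225.0.0/16",
    "112.101.64.0/24", "103.41.124.0/24", "61.240.144.0/24",
)]

# Assumption: iptables-style key=value fields in each log line.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample log lines (destinations use documentation ranges).
SAMPLE_LOG = """\
Jan  5 10:00:01 fw kernel: IN=eth0 SRC=61.174.51.10 DST=192.0.2.5 PROTO=TCP SPT=40000 DPT=22
Jan  5 10:00:02 fw kernel: IN=eth0 SRC=61.174.51.10 DST=192.0.2.5 PROTO=TCP SPT=40001 DPT=22
Jan  5 10:00:03 fw kernel: IN=eth0 SRC=122.225.200.9 DST=192.0.2.6 PROTO=UDP SPT=5353 DPT=53
Jan  5 10:00:04 fw kernel: IN=eth0 SRC=218.2.1.5 DST=192.0.2.5 PROTO=TCP SPT=41000 DPT=22
Jan  5 10:00:05 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP SPT=42000 DPT=443
Jan  5 10:00:06 fw kernel: IN=eth0 SRC=103.41.124.33 DST=192.0.2.5 PROTO=ICMP TYPE=8 CODE=0
"""

def summarize(lines):
    """Count (source IP, protocol, destination port) for watched sources."""
    hits = Counter()
    for line in lines:
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # no port (e.g. ICMP) or a malformed field
        if any(src in net for net in WATCHED):
            hits[(str(src), fields.get("PROTO", "?"), dport)] += 1
    return hits

def report(hits):
    """Render one 'src proto dport count' line per tuple, busiest first."""
    return [f"{s} {p} {d} {n}" for (s, p, d), n in hits.most_common()]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG.splitlines()))))
```

Note that 218.2.1.5 is skipped because the list names 218.2.0.0/24, not the /16; widen the entries in `WATCHED` if you want to report on the larger ranges.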
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.