Bananas in the falklands has a job of dealing with the bad hosts on the internet some examples are 18.104.22.168, 22.214.171.124, 126.96.36.199, and 188.8.131.52 who are part of the computing side of amazon.com. Oh i have many more but i don’t want to bore you by 32 bit addresses.
The numbers mentioned cannot do ssl, or intentionally try to break it. Here in the zoo failtoban (my blog) spots them and blocks them and that’s how i know these are shit hosts, or scammy clients of amazon. It got to point dear amazon shareholder that i have certain netblocks etched into my brain of amazon server assigned ip’s.
So ok your thinking amazon will deal with it. Well they wont unless i give them a protocol analyser output of the specific date and time which is not going to happen on our production web servers here in the zoo. So they keep coming and failtoban does it job.
So is this a problem – well having replaced mod ssl (my blog) for something better ecs clients still keep doing the same thing which i know the ssl certificate works and gets an a- for config (my blog). Its not us. That means ecs has a rather shit reputation here. I cannot comment about anybody else
This means i am thinking of blocking your ecs service with those numbers i keep seeing and i cant personally buy amazon sourced products and services. I am happy to retard your stock returns and make the clients of amazon wonder why the shit software in use fails to connect or work.
To block amazon i used the command
ip route add prohibit 184.108.40.206/12
That seems to cover some of amazon’s ip space as on boot amazon ip’s like ec2-54-191-158-13.us-west-2.compute.amazonaws.com [220.127.116.11] can connect, and afterwards i see no more log entries. Might be some collateral damage but my first attempt seems to have dev nulled most of the problem. I did think about block listed individual hosts /32 or smaller subnets /24 [256 hosts] but the individual hosts would change too often and the /24 subnets would mean a lots of entries. Hence the big mallet or /12
Other ranges include 18.104.22.168/14 22.214.171.124/12 126.96.36.199/13 188.8.131.52/12 184.108.40.206/12 220.127.116.11/13 18.104.22.168/12 22.214.171.124/15 126.96.36.199/12
We are getting there but the more you piss us off with your talk to the hand attitude the easier i find it to make your ip to not route. It i was ec2/aws client i would not be happy.