this post was submitted on 06 Nov 2024
The original post: /r/cybersecurity by /u/silentlycontinue on 2024-11-06 15:48:21.

Greetings,

I found that about 95% of failed remote VPN login traffic, about 5k daily monitored IPs, was caused by two subnets that seem to be managed by the same company or ISP: a /18 and a /19. The IPs rotated too frequently, each IP only making 2 login attempts, for the threat-detection authentication service to automatically shun them. So I blocked the ranges with a block list instead.

Should I submit those ranges to an Open Threat Exchange, or other threat intel service, along with an explanation of what I was seeing on the firewall? Or are such distributed brute force attacks so frequent that it would not be of interest?

_Silently
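The pattern the post describes, many source IPs that each fail only once or twice so a per-IP lockout never fires, is detectable if failures are counted per enclosing network rather than per address. The following is an added example, not code from the post or its author: it runs that aggregation over a constructed syslog-style sample (the private range 10.120.0.0/19 stands in for the poster's /19, and the per-IP and per-prefix thresholds are assumed values), sweeping several prefix lengths so the effect of aggregation granularity is visible, and renders the result as blocklist entries.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log (not from the original post). Failed VPN logins in a
# syslog-like format: 64 distinct source IPs spread across 10.120.0.0/19
# (a private range used here as a stand-in for the poster's /19), each failing
# exactly twice, plus one noisy single IP and one stray one-off failure.
def _build_sample_log() -> str:
    lines = []
    for third in range(32):                      # 10.120.0.x .. 10.120.31.x
        for fourth in (7, 99):
            for _ in range(2):                   # two attempts per IP, then rotate
                lines.append(
                    f"Nov  6 15:48:21 fw vpn-auth: FAILED user=admin "
                    f"src=10.120.{third}.{fourth}"
                )
    lines += ["Nov  6 15:49:02 fw vpn-auth: FAILED user=root src=192.0.2.10"] * 3
    lines.append("Nov  6 15:50:11 fw vpn-auth: FAILED user=alice src=198.51.100.5")
    return "\n".join(lines)

SAMPLE_LOG = _build_sample_log()

# Assumed log format; adjust the pattern to the real firewall's auth messages.
FAILED_RE = re.compile(r"vpn-auth: FAILED user=(\S+) src=(\d{1,3}(?:\.\d{1,3}){3})")


def parse_failed_logins(log_text: str) -> list[str]:
    """Return the source IP of every failed-login line (one entry per failure)."""
    return [m.group(2) for m in FAILED_RE.finditer(log_text)]


def count_by_prefix(ips, prefix_len: int) -> Counter:
    """Aggregate failure counts by the enclosing network of the given prefix length."""
    return Counter(
        str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)) for ip in ips
    )


def find_distributed_sources(ips, prefix_len, per_ip_threshold, prefix_threshold):
    """Prefixes that evade a per-IP shun rule yet exceed an aggregate threshold.

    A prefix is reported when no single IP in it reached per_ip_threshold
    failures (so per-IP automatic blocking never fired) but the prefix as a
    whole produced at least prefix_threshold failures.
    Returns [(network, total_failures, distinct_ips)], busiest first.
    """
    per_ip = Counter(ips)
    per_prefix_ips = {}
    for ip, n in per_ip.items():
        net = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        per_prefix_ips.setdefault(net, {})[ip] = n
    hits = []
    for net, members in per_prefix_ips.items():
        total = sum(members.values())
        if max(members.values()) < per_ip_threshold and total >= prefix_threshold:
            hits.append((net, total, len(members)))
    return sorted(hits, key=lambda h: -h[1])


def sweep_prefix_lengths(ips, prefix_lengths, per_ip_threshold, prefix_threshold):
    """Run the detection at several granularities: rotation across a whole /19
    stays under threshold at /24 and only becomes visible at coarser prefixes."""
    return {pl: find_distributed_sources(ips, pl, per_ip_threshold, prefix_threshold)
            for pl in prefix_lengths}


def blocklist_lines(hits):
    """Render detections as CIDR blocklist entries with a justification comment."""
    return [f"{net}  # {total} failed VPN logins from {n} distinct IPs"
            for net, total, n in hits]


if __name__ == "__main__":
    ips = parse_failed_logins(SAMPLE_LOG)
    print(f"{len(ips)} failures from {len(set(ips))} distinct IPs; "
          f"busiest single IP made {max(Counter(ips).values())} attempts")
    for pl, hits in sweep_prefix_lengths(ips, (24, 19), 3, 20).items():
        print(f"/{pl}: {hits or 'nothing over threshold'}")
    print("\n".join(blocklist_lines(find_distributed_sources(ips, 19, 3, 20))))
```

On the sample, the noisy single IP (three failures) is exactly what a per-IP shun would already catch and is therefore not reported, while the /19 is reported only when the sweep reaches prefix length 19. Before turning such a detection into a firewall block, check who owns the prefix (the post itself notes it looked like an ISP): a /18 or /19 can contain a carrier-grade NAT pool or shared hosting, so a coarse block may cut off legitimate users along with the rotating sources, and a time-limited entry is safer than a permanent one.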

no comments (yet)