With the visualization system built to capture the data from the Enterprise Shield firewall system, I get to see exactly who the top Offenders are. This is the start of a series that allows me to share with the larger community who exactly has been trying to bring my tiny home web server to its knees.

Using the Campaign naming schema, you can see many of the same providers showing up and being classified based on timing and attack pattern.

This has been a busy 7 days for surges in traffic.


The various surges are made up of traffic from small numbers of IPs (SoloRDP – AS150303 with 2 IPs for 11,517 firewall hits) to large distributed attacks with huge blocks of IPs (Cloudflare WARP – AS13335 & AS14789; 3xK Tech GmbH – AS200373; etc.).
Overall, it’s been a good learning experience to be able to see a full 7 days of traffic that was previously invisible to me.