Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortinewbie
New Contributor

Suspicious IP address appearing in PER-IP Bandwidth usage

Good Day Everyone!

I am new to the forum and in using fortinet. We are using a fortigate 60C (MR3 Patch 7) and I keep seeing this IP address in the per-ip bandwith usage. 

 

218.65.30.107 - 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn

(https://www.abuseipdb.com/index.php/check/218.65.30.107?page=10)

(http://goughlui.com/2015/04/27/experiment-ssh-honeypot-week-2/) 58.242.83.14

 

the first IP is tagged as a known ssh attacker from an ISP in China called Chinanet-jx. May I ask for an advice on what should I do with this? should I be alarmed? will creating a denying policy block this suspicious IP address? Thank you all so much in advance.

 

Regards,

Michael

0 REPLIES 0