Good Day Everyone!
I am new to the forum and in using fortinet. We are using a fortigate 60C (MR3 Patch 7) and I keep seeing this IP address in the per-ip bandwith usage.
218.65.30.107 - 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn
(https://www.abuseipdb.com/index.php/check/218.65.30.107?page=10)
(http://goughlui.com/2015/04/27/experiment-ssh-honeypot-week-2/) 58.242.83.14
the first IP is tagged as a known ssh attacker from an ISP in China called Chinanet-jx. May I ask for an advice on what should I do with this? should I be alarmed? will creating a denying policy block this suspicious IP address? Thank you all so much in advance.
Regards,
Michael
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.