IPs in the 10.xxx.xxx.xxx range?
Any idea what all those hits from IPs like 10.137.76.44 are from? I can't find any info on them anywhere.
Generally, ip addresses starting with 10 or 192 are local to your network. So in this case, it might, for example, be an intranet page with images linked from your distribution.
Jason Kester
Wednesday, January 19, 2011
I agree but all those entries look more or less like:10.253.138.33 3272ee65a908a7677109fedda345db8d9554ba26398b2ca10581de88777e2b61 - [08/Jan/2011:18:25:14 +0000] "POST /soap/ HTTP/1.1" 200 797 "-" "Axis/1.3" -or10.253.138.33 3272ee65a908a7677109fedda345db8d9554ba26398b2ca10581de88777e2b61 - [08/Jan/2011:17:30:54 +0000] "GET /?acl HTTP/1.1" 200 1679 "-" "Jakarta Commons-HttpClient/3.0" -These look to me like bots hacking from inside of Amazon.Where am I wrong?
BTW: The only access "I" have to this storage is threw a DSL router with a 76.xxx.xxx.xxx IP. There's something funny here.
That sounds like it might be correct. It could be traffic from within Amazon's network.
Jason Kester
Saturday, January 22, 2011
If this *is* malicious, do you by any chance know what Amazon does about someone guessing the name of a "public" file, and downloading it 800,000 times? Other than sending me the bill, that is........Thanks for your help,
Bob
--
fidmas
Saturday, January 22, 2011
Indeed, if that happens, it will cost you $0.08.This is something that can happen to anybody running a website. And like the rest of us, you'll at some point need to do the cost analysis and determine that it's not worth spending even one minute of your time worrying about it.
Jason Kester
Sunday, January 23, 2011
LOL. :-} You're right!
fidmas
Monday, January 24, 2011
[ reply to this topic ]
[ return to topic list ]
|