Block Botnet attack

Hi all

Some device on our network is attacking PSN (PlayStation Network), so they block our IP. I asked them for the network block to create a log with the firewall; they responded that they could help me, it changes regularly. I'm adding the email message from them. Any advice to stop this will be appreciated. There are about 1000 clients on our network.

Email:
Hello,

This is the PSN Network Operation Center. There appears to be some compromised equipment somewhere behind this IP address. It is running a list of username/password combinations against our public endpoint(s). The majority of the requests are for accounts that do not exist on our services.

It is also using request patterns known to be used by a botnet. The abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT).

We have seen this behavior most often from malware infected PCs, but also from compromised servers, routers, set-top boxes and even embedded systems.

Destination TCP port 443.

Attached is a list of specific timestamps and destination IP addresses if available. Please note the time zone.
If you are searching through NAT logs, there are five pieces of relevant information per line: Time, Source IP, Source Port, Destination IP and Destination Port.
We are providing four of those five pieces. It is not standard practice to record the Source Port. Additionally, since the connections are terminated outside of our network by a third party, we are unable to record the Source Port. However, with the other four pieces of information, and multiple timestamps, the data will still point to a particular device inside the NAT.

Only individual IP addresses are added to the blacklist, not network blocks. The IP address(es) will automatically age off the blacklist. If the device(s) that are participating in the abuse are fixed or removed from the network, the IP address(es) will not be re-added to the blacklist.

In addition, we have a process to add a network block to a temporary whitelist that will keep the IP addresses from being added to the blacklist. If you give us an email address for a contact, we can add the network block to the whitelist. Each time an IP address in that network block would normally be blacklisted an email is immediately sent to the contact with a short time range for the malicious activity. If you would like to use this process, please give us the network block(s) and a specific email address.

Thank you for your attention to this matter.

Why don’t you build an address list of the PSN IP addresses and add a filter that blocks and logs the connections? Then you can see the local IP addresses that are attacking. Then clean them.
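
The correlation the NOC email describes (time, destination IP and destination port matched against NAT log lines across several timestamps), which the connection log suggested in the reply would also feed, as an added example that is not part of the original thread. The log format, addresses and timestamps are constructed, and the 5-second matching window is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed NAT log lines (hypothetical format, logged in UTC):
# time, source IP, source port, destination IP, destination port.
NAT_LOG = """\
2024-03-01T10:00:01+00:00 10.0.0.23 51514 203.0.113.10 443
2024-03-01T10:00:03+00:00 10.0.0.57 40211 203.0.113.10 443
2024-03-01T10:07:30+00:00 10.0.0.23 51620 203.0.113.11 443
2024-03-01T10:07:31+00:00 10.0.0.88 39001 198.51.100.7 443
2024-03-01T10:15:10+00:00 10.0.0.23 51733 203.0.113.10 443
2024-03-01T10:15:40+00:00 10.0.0.57 40390 203.0.113.10 443
"""

# Constructed abuse-report entries: (timestamp in the reporter's zone, destination IP).
# The report uses UTC-8 while the log is UTC, so both are parsed as aware datetimes.
REPORT = [
    ("2024-03-01T02:00:02-08:00", "203.0.113.10"),
    ("2024-03-01T02:07:29-08:00", "203.0.113.11"),
    ("2024-03-01T02:15:12-08:00", "203.0.113.10"),
]

def parse_log(text):
    """Yield (time, src_ip, dst_ip, dst_port) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, _sport, dst, dport = parts  # source port is not in the report
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def correlate(log_text, report, port=443, window=timedelta(seconds=5)):
    """Return [(internal_ip, matched_events)] sorted by match count, highest first."""
    flows = list(parse_log(log_text))
    hits = Counter()
    for ts, dst in report:
        when = datetime.fromisoformat(ts)
        # A host counts at most once per reported event, even with several flows.
        matched = {src for t, src, d, p in flows
                   if d == dst and p == port and abs(t - when) <= window}
        hits.update(matched)
    return hits.most_common()

if __name__ == "__main__":
    for ip, count in correlate(NAT_LOG, REPORT):
        print(f"{ip}: matches {count} of {len(REPORT)} reported events")
```

A host that happens to connect near one reported timestamp matches once; the device behind the abuse matches every reported event, which is why multiple timestamps identify it without the source port.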