I am getting ~15 TCP connect attempts per second coming from 77.247.108.71, to random destination addresses and random destination ports, not likely sensible ones. That source address isn’t changing. Peak I’ve seen so far was 24 packets in a second. I averaged it at 150 packets over ten seconds.
Here’s the whois for that address. Note the postal address!
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '77.247.108.0 - 77.247.108.255'

% Abuse contact for '77.247.108.0 - 77.247.108.255' is 'abuse@vitox.in'

inetnum: 77.247.108.0 - 77.247.108.255
netname: VITOX-TLN-DE-01
descr: VITOX TELECOM
country: DE
geoloc: 49.452 11.0768
org: ORG-VTX1-RIPE
admin-c: VTX2-RIPE
tech-c: VTX2-RIPE
status: ASSIGNED PA
mnt-by: VITOX-MNT
created: 2019-02-27T15:20:23Z
last-modified: 2019-03-14T05:17:44Z
source: RIPE

organisation: ORG-VTX1-RIPE
org-name: VITOX TELECOM
org-type: OTHER
address: 1, Mangu Panna, Village Jaunti, Delhi 110081 India and NETHERLANDS
address: NETHERLANDS ICELAND ROMANIA EUROPE
geoloc: 52.6921234 6.1937187
abuse-c: VTX2-RIPE
mnt-ref: VITOX-MNT
mnt-by: VITOX-MNT
created: 2019-02-27T13:42:38Z
last-modified: 2019-03-13T16:52:42Z
source: RIPE # Filtered

role: VITOX TELECOM NOC
address: 1, Mangu Panna, Village Jaunti, Delhi 110081 India
address: Netherlands
abuse-mailbox: abuse@vitox.in
nic-hdl: VTX2-RIPE
mnt-by: VITOX-MNT
created: 2019-02-27T13:41:10Z
last-modified: 2019-03-01T15:55:32Z
source: RIPE # Filtered

% Information related to '77.247.108.0/24AS209299'

route: 77.247.108.0/24
descr: VITOX TELECOM
origin: AS209299
mnt-by: VITOX-MNT
created: 2019-03-01T15:58:43Z
last-modified: 2019-03-13T17:00:40Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.94 (BLAARKOP)
These packets are all silently dropped by my Firebrick firewall, but I have already been charged for the bytes and it has eaten a small amount of my bandwidth.
Any thoughts? This is, what, 4800 bps? (= 15 * 40 * 8 bits) Do I need to do anything about it?
I have already talked briefly to AA about it. I also emailed the abuse contact listed and complained.
I am continuing to keep an eye on it. An hour or so later it was still going on.
I need some pest control. Some sort of spray.