It could just be some rogue deployment script running from EC2 that is a little more active than it should be. Imagine someone is deploying their 1GB repo from GitHub to 100 small EC2 instances :)
My startup cucumbertown.com is hit with similar issues.
Initially we blocked all EC2[1] & Spamhaus IP list. But then realized Flipboard proxies[2], some blog aggregation proxies etc. are based on EC2 machines.
What would be a good way to block such rogue machines? Is there a community sponsored list or EC2/Rackspace IPs that are creating issues?
Banks were being hit the first week of October, then I know some VoIP servers were being hit such as Callcentric by DDoS. I can see why the banks were hit, but not why so many much smaller businesses are being attacked.
I don't think so. If you were hosting GitHub you would figure out pretty easily if it was related to cloning a specific repo from AWS and just disable the account hosting the repo.
[1] https://forums.aws.amazon.com/ann.jspa?annID=1528
[2] http://flipboard.com/browserproxy/