9080 Views 8 Replies Latest reply: Oct 11, 2012 3:50 PM by Hayton RSS
ferr3816 Newcomer 3 posts since
Oct 5, 2012

Oct 5, 2012 11:25 PM

S3.AMAZONAWS.COM - DOS Attack?

Hello,

     For the last few weeks I've been getting dozens of IP attempts to access my computer.  Fortunately, the Netguard on my McAfee suite is blocking the attempts (deeming them "risky connections"), but obviously I'm very concerned.  All of the attempts have been coming from some variation of s3.amazonaws.com.  Research I've done indicates that although the ISP may say amazon.com, these may very well be some sort of DOS attack, virus, malware, etc.

      I've done numerous scans, whether that is anti-virus, malware, spyware, you name it.  But the IP attempts continue.

 

     Does anyone have any recommendations that I can perform to stop these attempts once and for all?  Here are the IPs in question:

 


 

Thanks in advance,

Tony

  • Hayton Volunteer Moderator 4,616 posts since
    Sep 27, 2010
    1. Oct 6, 2012 12:28 AM (in response to ferr3816)
    Re: S3.AMAZONAWS.COM - DOS Attack?

    If you mean Netguard has been putting up warnings about these IP addresses, that means one or more of your programs is attempting to contact them. Netguard blocks outgoing connections.

     

    http://www.ehow.com/info_12225660_mcafee-connection-attempt-blocked.html

    Net Guard ... actively reviews each website you try to visit. Net Guard scans the website address and compares it to McAfee's current list of trusted and untrusted websites to determine a safety level. If Net Guard sees the website as risky, it blocks your connection attempt and prompts you with a warning.

     

    You can see a log of failed inbound connection attempts in the History and Logs section of Security Center.

     

    There is another thread where the Amazon server IP addresses are being discussed - see

    https://community.mcafee.com/message/258613#258613

     

    People talk in awe about The Cloud but all it boils down to is some organisation like Amazon with a whole load of servers subletting space on some of them. If suspect material gets uploaded to a server then that IP address becomes suspect. Amazon servers host third-party content with relatively little oversight on Amazon's part so it's little wonder if Amazon servers are beginning to be blocked by Netguard.

     

    Edit - There's also another thread from earlier this year about Netguard blocking connections to Amazon IP addresses -

    https://community.mcafee.com/thread/45456?tstart=0

     

    Message was edited by: Hayton on 06/10/12 06:28:14 IST

    Volunteer Moderator  Leeds, UK
    No PM's please
  • Hayton Volunteer Moderator 4,616 posts since
    Sep 27, 2010
    3. Oct 6, 2012 3:22 PM (in response to ferr3816)
    Re: S3.AMAZONAWS.COM - DOS Attack?

    The Netguard message should tell you which program initiated the connection attempt which was blocked.

     

    McAfee Communities- IP Addresses owned by Amazon.com making....png


    Volunteer Moderator  Leeds, UK
    No PM's please
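
The replies above turn on two points: whether a flagged connection is outbound (started by a local program) or inbound, and which program owns it. As an added example, not part of the original thread, this sketch classifies rows from Windows `netstat -ano` output by direction and groups them by owning PID. The sample rows are constructed, and the rule that a connection on a locally listening port counts as inbound is a heuristic assumed here.

```python
# Added example: classify TCP rows from `netstat -ano` by direction and owning PID.
import re
from collections import defaultdict

# Constructed sample in Windows `netstat -ano` layout (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    192.168.1.20:3389      198.51.100.7:51544     ESTABLISHED     1044
  TCP    192.168.1.20:49712     203.0.113.33:443       ESTABLISHED     4120
  TCP    192.168.1.20:49713     203.0.113.160:80       SYN_SENT        4120
  TCP    192.168.1.20:49720     203.0.113.75:443       TIME_WAIT       0
"""

# Proto, local addr:port, foreign addr:port, state, PID (the -o column).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Return (local_addr, local_port, remote_addr, remote_port, state, pid) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append((laddr, int(lport), raddr, int(rport), state, int(pid)))
    return rows

def classify(text):
    """Split connections into outbound/inbound, keyed by owning PID."""
    rows = parse(text)
    # Ports this machine accepts connections on.
    listening = {lport for _, lport, _, _, state, _ in rows if state == "LISTENING"}
    result = {"outbound": defaultdict(list), "inbound": defaultdict(list)}
    for _, lport, raddr, rport, state, pid in rows:
        if state == "LISTENING":
            continue
        # Heuristic: a local listening port means the remote side connected to us.
        direction = "inbound" if lport in listening else "outbound"
        result[direction][pid].append(f"{raddr}:{rport} ({state})")
    return result

if __name__ == "__main__":
    for direction, by_pid in classify(SAMPLE).items():
        for pid, peers in sorted(by_pid.items()):
            print(f"{direction:8} PID {pid}: {', '.join(peers)}")
```

On a real machine, feed it the output of `netstat -ano`; `tasklist /FI "PID eq 4120"` then names the program behind a PID (4120 is the constructed sample value).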
  • Hayton Volunteer Moderator 4,616 posts since
    Sep 27, 2010
    5. Oct 6, 2012 5:25 PM (in response to ferr3816)
    Re: S3.AMAZONAWS.COM - DOS Attack?

    Well, those four aren't exactly dangerous. I checked them out and they're all Adware. McAfee puts that into the "Maybe unwanted but leave it alone" category.

     

    The relevant info is that it's Google making the connections that Netguard blocks. That's presumably "Google" as in "Chrome". Something on downloaded web pages will be trying to connect to a site on those servers that NetGuard is blocking. The block is almost certainly because there's something somewhere on each server that's caused the IP address to be rated unsafe. There's no way of knowing (without some deep investigation) whether allowing the connection to be made would actually be risky. Most probably the web pages are only calling up the server to display advertising ...

     

    If you want to cut down the number of these blocked connections there's a program from Abine (DoNotTrack+) which might help. In Firefox I would advise NoScript. And AdBlock in both browsers.


    Volunteer Moderator  Leeds, UK
    No PM's please
  • Hayton Volunteer Moderator 4,616 posts since
    Sep 27, 2010
    6. Oct 7, 2012 10:08 AM (in response to ferr3816)
    Re: S3.AMAZONAWS.COM - DOS Attack?

    The server problems may be related to the sending of spam, in which case this is not a new problem at all. I've found posts in other forums going back to 2009 where an Amazon AWS server gets blacklisted for that reason. Amazon don't seem to have any way of monitoring their servers for this sort of thing, and don't seem to be very fast when it comes to de-blacklisting their servers.

     

    See any one of these Amazon/spam/blacklisting site pages -

     

    http://www.forumpostersunion.com/showthread.php?t=23073

    http://www.forumpostersunion.com/showthread.php?t=22581

    http://www.forumpostersunion.com/showthread.php?t=11245

    http://www.forumpostersunion.com/showthread.php?t=22782

     

    http://serverfault.com/questions/165854/my-ec2-instances-email-is-being-spam-blocked-by-gmail

    http://serverfault.com/questions/307983/how-does-ip-blacklisting-work-on-virtualized-shared-hosting

     

    http://www.mailchannels.com/blog/tag/blacklist/

     

    http://news.ycombinator.com/item?id=883622

     

    https://forums.aws.amazon.com/thread.jspa?threadID=37395&start=25&tstart=0


    Volunteer Moderator  Leeds, UK
    No PM's please
  • hemi340 Newcomer 6 posts since
    Oct 9, 2012
    7. Oct 9, 2012 8:09 AM (in response to ferr3816)
    Re: S3.AMAZONAWS.COM - DOS Attack?

    I am having the same issue now with Amazon Cloud Player. This never happened to me the last time I used it about 1 month ago, so this is something new that has popped up. Now every time I log into Amazon Cloud Player via my PC (using IE or Firefox), Net Guard pops up as being blocked as a risky connection. The IP range always will be somewhere between 72.21.203.150 and 72.21.215.135. With these being blocked it will not allow me to stream my music. If I go into Net Guard and allow the IP, then Amazon Cloud Player works perfectly. However, if I close my browser and log back in again to the Amazon Cloud Player, a different IP beginning with 72.21.xxx.xxx appears and then I have to allow this one in order to use the Cloud Player.

     

    This is very frustrating as I used to never have this problem. I noticed some other blogs where Apple services are having the same issue with the same IP range as well. I have posted a support ticket with McAfee. Their Tier 1 support could not resolve it, so they have turned it over to Tier 2 support. They told me they would contact me in 24 to 48 hours to continue troubleshooting. Will keep you updated.

  • Hayton Volunteer Moderator 4,616 posts since
    Sep 27, 2010
    8. Oct 11, 2012 3:50 PM (in response to hemi340)
    Re: S3.AMAZONAWS.COM - DOS Attack?

    This thread has been moved into Personal Firewall to be with another thread about Amazon IP addresses.


    Volunteer Moderator  Leeds, UK
    No PM's please
