Good morning folks, over the weekend our webserver was offline. We run a script that’s supposed to behave as an adaptive firewall and block IPs that it sees generating malicious traffic. It appears that this script blocked huge chunks of the internet from accessing our servers.
My first thought is a DoS using spoofed source IPs just incrementing by one, but without a packet trace of the events it’s hard to say for certain. We’ve added logic to the script that should see that in the future and not self-clobber.
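As an added illustration (not the poster's script, whose logic is not shown), here is one way an adaptive block list can guard against the pattern hypothesised above: sources that increment by one. The function names, thresholds, and sample addresses are assumptions constructed for this example.

```python
import ipaddress

def consecutive_runs(addrs):
    """Group IPv4 addresses into runs where each address is the previous one plus 1."""
    ints = sorted({int(ipaddress.IPv4Address(a)) for a in addrs})
    runs, current = [], []
    for n in ints:
        if current and n == current[-1] + 1:
            current.append(n)
        else:
            if current:
                runs.append(current)
            current = [n]
    if current:
        runs.append(current)
    return runs

def plan_blocks(candidates, max_run=8, max_blocks=100, allowlist=()):
    """Split candidate sources into (to_block, withheld).

    Withheld addresses are reported for review instead of being blocked:
    - any run of more than max_run consecutive addresses (likely spoofed),
    - anything inside an allowlisted network,
    - anything beyond the per-interval ceiling max_blocks.
    """
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    to_block, withheld = [], []
    for run in consecutive_runs(candidates):
        ips = [ipaddress.IPv4Address(n) for n in run]
        if len(run) > max_run:
            withheld.extend(str(ip) for ip in ips)
            continue
        for ip in ips:
            (withheld if any(ip in net for net in allowed) else to_block).append(str(ip))
    # Hard ceiling so a single interval can never block a large part of the internet.
    withheld.extend(to_block[max_blocks:])
    return to_block[:max_blocks], withheld

# Constructed sample: 50 sequential sources, two unrelated sources, one allowlisted host.
SAMPLE = [f"198.51.100.{i}" for i in range(50)] + ["203.0.113.7", "203.0.113.9", "192.0.2.10"]

if __name__ == "__main__":
    block, hold = plan_blocks(SAMPLE, allowlist=["192.0.2.0/24"])
    print("block:", block)
    print("withheld for review:", len(hold))
```

Withheld addresses are better handled by an alert or an upstream rate limit than by per-address drops, since spoofed sources make per-address blocking ineffective anyway.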