The IP hit us with 2TB of data in under 5 minutes. To stop the flood, we have been forced to null route the server. was found in our database!
This IP was reported 2 times this week. See below for details.
ISP Microsoft Corporation
Usage Type Data Center/Web Hosting/Transit
Domain Name
Country United States
City San Jose, California

http s://w ww.abus eipdb.c om/ch eck/
Suggested: "Firewall - block on port TCP 22 {ssh} " does this apply in my case?

** nfdump -M /home/netflow/profiles-data/live/ar-01_sjc-ca:ar-02_sjc-ca -T -r 2017/11/30/nfcapd.201711301450 -n 50 -s record/packets
nfdump filter:
(( ident ar-01_sjc-ca or ident ar-02_sjc-ca) and (
IN IF 151
( ident ar-01_sjc-ca or ident ar-02_sjc-ca) and (
OUT IF 151
)) and ( host )
Aggregated flows 116
Top 50 flows ordered by packets:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2017-11-30 14:51:12.157 73.858 UDP -> 1.3 G 2.0 T 31

Is there anyway to discern if this was an intentional attack?
How can I tell what this was aimed at, this server does many things?
What can I do to stop this?