nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Customer-facing ACLs

From: Adrian Chadd <adrian () creative net au>
Date: Mon, 10 Mar 2008 23:53:08 +0900


Do bots try brute force attacks on Telnet and FTP? All I see at my firewall
are SSH attacks and spam. But sure, if there's a lot of Telnet abuse block
23 too; I think it's used about as rarely by "normal" customers as SSH is.



Depending on the ip space I find FTP brute force attacks 10 times more 
common than SSH attacks. There really isn't a blanket rule you can impose.

On a different note, unless you clearly advertise that you're offering 
filtered services I don't really find the practice ethical - and no a 
tiny line in the TOS doesn't really cut it IMHO.

That doesn't mean it can't be done, simply spin the imposed ACL as a 
value-add and that your customers are now on a "safer internet".


Does anyone have any handy links to actual raw data and papers about this?

I'm sure we've all got our own personal datapoints to support automated
network probes but I'd prefer to stuff something slightly more concrete
and official(!) into the Wiki.




Adrian
Previous By Date Next
Previous By Thread Next

Current thread: