nanog mailing list archives
Re: Dealing with abuse complaints to non-existent contacts
From: Christopher Rogers <phiber () phiber org>
Date: Sun, 10 Aug 2014 10:20:15 -0700
http://www.fail2ban.org/ 2014-08-10 10:18 GMT-07:00 Jon Lewis <jlewis () lewis org>:
On Sun, 10 Aug 2014, Gabriel Marais wrote: I have been receiving some major ssh brute-force attacks coming fromrandom hosts in the 116.8.0.0 - 116.11.255.255 network. I have sent a complaint to the e-mail addresses obtained from a whois query on one of the IP Addresses. My e-mail bounced back from both recipients. Once being rejected by filter and the other because the e-mail address doesn't exist. I would have thought that contact details are rather important to be up to date, or not?Why? Besides just blocking the IP range on my firewall, I was wondering whatothers would do in this case?I've been blocking SSH from random IPs for many years. Unless you have to run an open system that customers SSH into (unlikely in these times), my recommendation is block SSH entirely from non-trusted networks and setup some form of port-knocking or similar access controls such that legitimate users can open a window to make their connection, but the rest of the world never sees your sshd. Playing whack-a-mole with firewall or access log violations is a waste of time. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Re: Dealing with abuse complaints to non-existent contacts, (continued)
- Re: Dealing with abuse complaints to non-existent contacts Gabriel Marais (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts John Levine (Aug 11)
- Re: Dealing with abuse complaints to non-existent contacts Owen DeLong (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts Mark Andrews (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts Suresh Ramasubramanian (Aug 10)
- RE: Dealing with abuse complaints to non-existent contacts Tony Hain (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts Suresh Ramasubramanian (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts Christopher Rogers (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts Alexander Merniy (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts Mike Hale (Aug 10)
- Re: Dealing with abuse complaints to non-existent contacts Rich Kulawiec (Aug 11)