nanog mailing list archives
Re: Dealing with abuse complaints to non-existent contacts
From: David Ford <david () blue-labs org>
Date: Sun, 10 Aug 2014 22:16:58 -0400
i have numerous servers that must have open ssh access to everyone in multiple datacenters for several hundred users from many different and varying origins that change frequently. whitelist/blacklisting would be a nightmare.
i use a PAM module that automatically adds every new ssh connection IP to an xt_recent blacklist: a) if you succeed authenticating, your IP is automatically removed, b) if more packets arrive that exceed the count limit within the time limit for your /24, you automatically get blocked for a while.
no point wasting time managing blacklists on IPs when nearly all of them are bots and most of the service providers out there either a) don't care, b) don't have a functioning abuse/security contact, c) ignore reports, or d) are helplessly clueless.
-d

On Sun, 10 Aug 2014, Gabriel Marais wrote:
> I have been receiving some major ssh brute-force attacks coming from random hosts in the 116.8.0.0 - 116.11.255.255 network. I have sent a complaint to the e-mail addresses obtained from a whois query on one of the IP Addresses.
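
The scheme described in the message above, sketched with the stock iptables `recent` match and `pam_exec`. This is an added example, not the poster's PAM module: here the firewall rule (rather than PAM) records each new connection, and the table name `sshd`, the 60-second window, the 10-hit limit and the script path are all assumed values.

```shell
#!/bin/sh
# Added example, not the poster's PAM module. Table name, 60 s window and
# 10-hit limit are assumed values; the post gives none.
XT_NAME="${XT_NAME:-sshd}"
XT_RECENT_FILE="${XT_RECENT_FILE:-/proc/net/xt_recent/$XT_NAME}"

# Firewall half: print the rules (review, then run as root). Every NEW
# connection to port 22 is recorded under its /24; a /24 with 10 or more
# recorded hits in the last 60 s is dropped until the old hits age out.
print_rules() {
    m="-m recent --name $XT_NAME --mask 255.255.255.0"
    echo "iptables -N SSH_RECENT"
    echo "iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_RECENT"
    echo "iptables -A SSH_RECENT $m --rcheck --seconds 60 --hitcount 10 -j DROP"
    echo "iptables -A SSH_RECENT $m --set -j ACCEPT"
}

# Print the /24 network address of a dotted-quad IPv4 address; fail on
# anything else (PAM_RHOST can be a hostname when sshd has UseDNS yes).
net24() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo "$1.$2.$3.0"
}

# PAM half: session modules run only after authentication succeeded, so
# at open_session remove the client's /24 from the table. The table is
# keyed on the masked address, hence the network address is written.
clear_on_success() {
    [ "${PAM_TYPE:-}" = "open_session" ] || return 0
    net=$(net24 "${PAM_RHOST:-}") || return 0   # never block the login
    echo "-$net" > "$XT_RECENT_FILE"
}

# Hooked in with (assumed path):
#   session optional pam_exec.so /usr/local/sbin/ssh-recent-clear
if [ -n "${PAM_TYPE:-}" ]; then clear_on_success; fi
```

Because the entry is per /24, one successful login clears the count for every client in that /24, which is the trade-off the message accepts for users arriving from changing addresses.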