nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: de-peering for security sake

From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Sat, 26 Dec 2015 16:19:15 +0100
On 26 December 2015 at 16:09, Stephen Satchell <list () satchell net> wrote:


On 12/26/2015 06:19 AM, Mike Hammett wrote:


How much is an acceptable standard to the community? Individual /32s
( or /64s)? Some tipping point where 50% of a /24 (or whatever it's
IPv6 equivalent would be) has made your naughty list that you block
the whole prefix?



My gauge is volume of obnoxious traffic.  When I get lots of SSH probes
from a /32, I block the /32.  When I get lots of SSH probes across a range
of a /24, I block the /24.




Do you people have nothing better to do than scan firewall log files and
insert rules to block stuff that was already blocked by default?

Hint: if ssh probes spams your log then move your ssh service to a non
standard port.

Regards,

Baldur
Previous By Date Next
Previous By Thread Next

Current thread: