nanog mailing list archives

Re: Abuse Desks

From: Stephen Satchell <list () satchell net>
Date: Wed, 29 Apr 2020 09:08:03 -0700

On 4/29/20 8:41 AM, Mel Beckman wrote:

Is there any reason to have a root-enabled (or any) ssh server
exposed to the bare Internet? Any at all? Can you name one? I can’t.
That’s basically pilot error.

Remember HeartBleed? That didn't require a rout-enabled SSH server. Itdidn't require SSH server.

That said, I use TCPWRAPPER to limit access to SSH to specific IPaddresses. I process my LogWatch messages manually. I pull the firealarm for showshoe probes, and excessive number of probes (over 30 in a24-hour period). No registered abuse@ address in the WHOIS? Theoffending netblock goes into my edge router ACL, because I have learnedthat ne'er-do-wells without working abuse@ usually have other bad habits.


And I disclose this practice to all who use my network.

(Blackmail emails are another set-and-forget trigger, but that's asubject for NANAE newsgroup.)

Current thread:

Re: Abuse Desks, (continued)
- - - Re: Abuse Desks Chris Adams (Apr 29)
    - Re: Abuse Desks sronan (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Shane Ronan (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Mike Hammett (Apr 29)
    - Re: Abuse Desks Valdis Klētnieks (Apr 29)
    - Re: Abuse Desks Joe Greco (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Joe Greco (Apr 29)
    - Re: Abuse Desks Stephen Satchell (Apr 29)
    - Re: Abuse Desks Sabri Berisha (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Sabri Berisha (Apr 29)
    - Re: Abuse Desks Mukund Sivaraman (Apr 29)
    - Re: Abuse Desks Stephen Satchell (Apr 29)
    - Re: Abuse Desks Mike Hammett (Apr 29)
    - Re: Abuse Desks Stephen Satchell (Apr 29)
    - Re: Abuse Desks Mike Hammett (Apr 29)
    - Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
    - Re: Abuse Desks Mukund Sivaraman (Apr 29)

(Thread continues...)