Re: BGP hijack from 23724 -> 4134 China?

[Jim Burwell <jimb () jsbc cc>]

On 4/9/2010 15:42, Benjamin Billon wrote:
> > > This is also blocking Sina, Netease, Yahoo.cn and other major
> > > Chinese ISP/ESP. Am I the only to think this is not very smart?
> >
> > It depends. I'am not a fan of country blocking. But in my case it can
> > work for a home server. You could adapt the list and block port 22
> > only for production servers where you can't expect to never have
> > email from China, but can safely block brute force ssh attacks.
> Yep, home server, your server. That's not the same when you have
> customers who rely on your server.
> IMHO, port 22 and other critical ports should always be blocked except
> from known places.
I personally use a port knocking setup and it pretty much eliminates SSH
brute force account/password hacks.  Actually, on one box that didn't
have the ability to do that, I simply moved the SSH port.  This was
surprisingly effective, although a bit inconvenient. 

I'll have to say that a very large number of the brute attempts were
from Chinese IPs.  Hopefully they're not reading this.  ;-)