Re: Just wondering

[Robert Drake <rdrake () direcpath com>]

On 3/31/2014 10:51 PM, Joe wrote:
> I received several reports today regarding some scans for udp items from
> shadowservers hosted out of H.E. Seems to claim to be checking for issues
> regarding udp issues, amp issues, which I am all fine for, but my issue is
> this. It trips several IDP/IPS traps pretty much causing issues that I have
> to resolve. I have one user that is a home user (outside one of my /16)
> that has seen this as well. Now with that said are these folks that do this
> going to pay for one of my users that pay per bit for this? Does garbage in
> to this really provide a garbage clean? I see they are planing on a bunch
> of other protocols too, so that's nice.
If I was paying per bit I would probably want my ISP to rate limit and 
firewall lots of traffic before it ever reached my pay-per-bit line.  
Otherwise I would be paying for huge amounts of unsolicited traffic from 
everywhere.

> I'm not sure where to go with this other than to advise my other folks to
> drop this traffic from their 184.105.139.64/26 networks and hope for the
> best regarding my FAP folks.
>
> Regards,
> -Joe
If you're comfortable that your internal audits are accurate and what 
these people are doing won't provide you any value, I don't see what 
harm it would do to block them.  Since they also have to worry about 
botnet authors blocking their traffic, I imagine they might change IP 
ranges after a while.  You might complain to them directly and see if 
they can add you to a do not poll list.  It looks like they have a 
couple of emails for issues listed here: 
https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork