nanog mailing list archives
Re: Dealing with abuse complaints to non-existent contacts
From: Stephen Satchell <list () satchell net>
Date: Sun, 10 Aug 2014 10:04:54 -0700
On 08/10/2014 08:19 AM, Gabriel Marais wrote:
Hi Nanog

I'm curious. I have been receiving some major ssh brute-force attacks coming from random hosts in the 116.8.0.0 - 116.11.255.255 network.

I have sent a complaint to the e-mail addresses obtained from a whois query on one of the IP Addresses. My e-mail bounced back from both recipients. One being rejected by filter and the other because the e-mail address doesn't exist.

I would have thought that contact details are rather important to be up to date, or not?

Besides just blocking the IP range on my firewall, I was wondering what others would do in this case?

Regards,
Gabriel

I no longer try to send notices to network operators that don't publish a working abuse mail address for the netrange assignment or the SWIP. For the best-practices-clueless, I just round-file them when I see attacks above a certain level. Ditto mail attacks, particularly from netranges/servers that don't have working postmaster@ addresses or MX. (I'm considering adding a separate network ACL for SMTP/SUBMISSION in my mail servers, but so far all the verifiable mail abusers have had other bad habits, too.)
From my firewall generator's "kill network" list:

116.10.191.0/24 china ssh abuser 2014 August

That entry went into the ACL six months ago, but it's only recently that I started dating the entries. I now have canaries (tcpwrappers, logwatch) in four systems on widely separate IP netranges. Those systems have a virtually-everything-closed firewall (IPTables, logwatch) and the resulting logs show where some of the most vicious scans are coming from.

PLONK!
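
Added example, not part of the message above and not the poster's firewall generator: one way to turn canary sshd logs into dated kill-list entries and matching iptables DROP rules. The threshold of 5, the per-/24 grouping, the entry format without a country field, and the sample log (documentation address ranges) are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import date

# sshd auth-failure line as written to auth.log; "invalid user" is optional.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
THRESHOLD = 5  # assumed "certain level": failures per /24 before it is blocked

# Constructed sample log using documentation ranges, not real attack sources.
SAMPLE_LOG = "\n".join(
    [f"Aug 10 09:01:{i:02d} canary1 sshd[2101]: Failed password for root "
     f"from 203.0.113.{i} port 40112 ssh2" for i in range(1, 7)]
    + ["Aug 10 09:02:00 canary1 sshd[2102]: Failed password for invalid user "
       "admin from 198.51.100.9 port 51000 ssh2",
       "Aug 10 09:03:00 canary1 sshd[2103]: Accepted publickey for ops "
       "from 192.0.2.10 port 50022 ssh2"])

def offenders(log_text, threshold=THRESHOLD):
    """Count failed SSH logins per source /24; keep those at or above threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or junk in the address field
        if addr.version != 4:
            continue  # this sketch groups IPv4 sources only
        # Random hosts in one netrange collapse into a single /24 bucket.
        counts[ipaddress.ip_network(f"{addr}/24", strict=False)] += 1
    return {net: n for net, n in counts.items() if n >= threshold}

def kill_list(nets, when):
    """Dated entries: '<cidr> ssh abuser <year> <month>' (assumed format)."""
    stamp = when.strftime("%Y %B")
    return [f"{net} ssh abuser {stamp}" for net in sorted(nets)]

def iptables_rules(nets):
    """One DROP rule per offending network, in address order."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in sorted(nets)]

if __name__ == "__main__":
    found = offenders(SAMPLE_LOG)
    print("\n".join(kill_list(found, date.today())))
    print("\n".join(iptables_rules(found)))
```

Dating each entry as it is generated makes it possible to review and expire old blocks later instead of letting the ACL grow without bound.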