nanog mailing list archives
Re: Dealing with abuse complaints to non-existent contacts
From: charles () thefnf org
Date: Mon, 11 Aug 2014 12:48:34 -0500
On 2014-08-10 10:19, Gabriel Marais wrote:
> Hi Nanog I'm curious. I have been receiving some major ssh brute-force attacks coming from random hosts in the 116.8.0.0 - 116.11.255.255 network. I have sent a complaint to the e-mail addresses obtained from a whois query on one of the IP Addresses.

Did they have a dedicated abuse e-mail? Did you receive an automated confirmation (which generally means the communication went into some sort of ticket queue as opposed to $random_employee_mailbox_who_has_moved_on)?

How did you format the e-mail? What information did you provide? (Folks here, what do you look for in an abuse complaint to take it seriously?) I imagine many here have template/ticket systems for abuse communications? What info do you ask for in those communications?

> My e-mail bounced back from both recipients. Once being rejected by filter and the other because the e-mail address doesn't exist. I would have thought that contact details are rather important to be up to date, or not?

Yes. For operators who actually care about running their networks and being good citizens. At least that's my opinion.

> Besides just blocking the IP range on my firewall, I was wondering what others would do in this case?

Well of course fail2ban is always good. My personal preference is to only expose HTTPS/SMTPS/IMAPS to the world. Zero management traffic on the front channel. SSH is only possible once you have connected to the VPN (which is running on 443 on another IP and is accessible without any firewall restrictions).
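An added example, not part of the original post: before blocking the range mentioned in the thread, this collapses it to CIDR form and counts the sshd password failures that actually originate inside it. The log lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Range quoted in the thread; everything else here is constructed for illustration.
RANGE_FIRST = ipaddress.ip_address("116.8.0.0")
RANGE_LAST = ipaddress.ip_address("116.11.255.255")

# OpenSSH failed-password message (the syslog prefix varies by distribution).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample log lines (not taken from any real host).
SAMPLE_LOG = """\
Aug 10 09:58:01 gw sshd[2101]: Failed password for root from 116.10.191.7 port 40122 ssh2
Aug 10 09:58:03 gw sshd[2103]: Failed password for root from 116.10.191.7 port 40130 ssh2
Aug 10 09:58:04 gw sshd[2104]: Failed password for invalid user admin from 116.9.4.20 port 51514 ssh2
Aug 10 09:58:09 gw sshd[2107]: Failed password for root from 116.10.191.7 port 40177 ssh2
Aug 10 09:59:30 gw sshd[2110]: Accepted publickey for ops from 203.0.113.5 port 50022 ssh2
Aug 10 10:02:11 gw sshd[2114]: Failed password for invalid user test from 203.0.113.77 port 33801 ssh2
"""

def range_to_cidrs(first, last):
    """Collapse a first-last address range into the minimal list of CIDR blocks."""
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]

def failures_in_range(log_text, first, last):
    """Count failed SSH password attempts per source address inside the range."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        try:
            src = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue  # source logged as a hostname or otherwise unparseable
        if src.version == first.version and first <= src <= last:
            counts[str(src)] += 1
    return counts

def report(log_text=SAMPLE_LOG):
    """Summarise what a block on the range would cover and the evidence for it."""
    counts = failures_in_range(log_text, RANGE_FIRST, RANGE_LAST)
    return {"cidrs": range_to_cidrs(RANGE_FIRST, RANGE_LAST),
            "sources": counts.most_common(),
            "total": sum(counts.values())}

if __name__ == "__main__":
    print(report())
```

The per-source counts are the kind of evidence an abuse complaint can carry, and the CIDR list is the form a firewall rule expects.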