nanog mailing list archives
Re: Abuse Desks
From: Mukund Sivaraman <muks () mukund org>
Date: Wed, 29 Apr 2020 21:28:55 +0530
On Wed, Apr 29, 2020 at 10:12:29AM -0500, Chris Adams wrote:
Once upon a time, Mukund Sivaraman <muks () mukund org> said:If an abuse report is incorrect, then it is fair to complain.The thing is: are 3 failed SSH logins from an IP legitimately "abuse"?
It is configurable. Anyway, I don't know how else one would interpret a pattern like this other than the obvious: Apr 28 22:28:05 jupiter sshd[24509]: Invalid user java from 209.141.55.11 port 36334 Apr 28 22:28:05 jupiter sshd[24504]: Invalid user openvpn from 209.141.55.11 port 36768 Apr 28 22:28:05 jupiter sshd[24506]: Invalid user devops from 209.141.55.11 port 36756 Apr 28 22:28:05 jupiter sshd[24510]: Invalid user vagrant from 209.141.55.11 port 36784 Apr 28 22:28:05 jupiter sshd[24507]: Invalid user user from 209.141.55.11 port 36796 Apr 28 22:28:05 jupiter sshd[24508]: Invalid user oracle from 209.141.55.11 port 36776 Apr 28 22:28:05 jupiter sshd[24505]: Invalid user ubuntu from 209.141.55.11 port 36798 Apr 28 22:28:05 jupiter sshd[24514]: Invalid user test from 209.141.55.11 port 36780 Apr 28 22:28:05 jupiter sshd[24513]: Invalid user ec2-user from 209.141.55.11 port 36752 It *can* be legitimate traffic, but then I hope the owner of this machine has applied for special permission stating their reason for doing this kind of probing before they are allowed to keep doing this over time and sending such traffic to multiple IP addresses (similar to how, at some service providers, one has to apply for TCP port 25 to be allowed after claiming they're not spammers). Mukund
Current thread:
- Re: Abuse Desks, (continued)
- Re: Abuse Desks Mike Hammett (Apr 29)
- Re: Abuse Desks Stephen Satchell (Apr 29)
- Re: Abuse Desks Mike Hammett (Apr 29)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
- Re: Abuse Desks Mukund Sivaraman (Apr 29)
- Re: Abuse Desks Tom Beecher (Apr 29)
- Re: Abuse Desks Mukund Sivaraman (Apr 29)
- Re: Abuse Desks Tom Beecher (Apr 29)
- Re: Abuse Desks Laszlo Hanyecz (Apr 29)
- Re: Abuse Desks Brian J. Murrell (Apr 29)
- Re: Abuse Desks Mukund Sivaraman (Apr 29)
- Re: Abuse Desks Mel Beckman (Apr 29)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
- Re: Abuse Desks William Herrin (Apr 29)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
- Re: Abuse Desks William Herrin (Apr 29)