nanog mailing list archives
Re: Abuse Desks
From: Mel Beckman <mel () beckman org>
Date: Wed, 29 Apr 2020 22:15:16 +0000
Sabri, A clever idea to be sure, but it seems open to abuse. What stops someone from forging a tcp syn from every /24 on the Internet, causing you to blackhole your access to everywhere? -mel
On Apr 29, 2020, at 2:24 PM, Sabri Berisha <sabri () cluecentral net> wrote: ----- On Apr 29, 2020, at 9:08 AM, Stephen Satchell list () satchell net wrote: Hi,That said, I use TCPWRAPPER to limit access to SSH to specific IP addresses. I process my LogWatch messages manually. I pull the fire alarm for showshoe probes, and excessive number of probes (over 30 in a 24-hour period). No registered abuse@ address in the WHOIS? The offending netblock goes into my edge router ACL, because I have learned that ne'er-do-wells without working abuse@ usually have other bad habits.I have a very simple method to deal with that: a server with no other purpose than to blackhole portscanning culprits. Send so much as a tcp syn to port 22 and your entire /24 goes to null0 for a month. I have a few exceptions for entities that I know are responsive to abuse@, but that's it. Highly effective. Thanks, Sabri
Current thread:
- Re: Abuse Desks, (continued)
- Re: Abuse Desks Mel Beckman (Apr 29)
- Re: Abuse Desks Shane Ronan (Apr 29)
- Re: Abuse Desks Mel Beckman (Apr 29)
- Re: Abuse Desks Mike Hammett (Apr 29)
- Re: Abuse Desks Valdis Klētnieks (Apr 29)
- Re: Abuse Desks Joe Greco (Apr 29)
- Re: Abuse Desks Mel Beckman (Apr 29)
- Re: Abuse Desks Joe Greco (Apr 29)
- Re: Abuse Desks Stephen Satchell (Apr 29)
- Re: Abuse Desks Sabri Berisha (Apr 29)
- Re: Abuse Desks Mel Beckman (Apr 29)
- Re: Abuse Desks Sabri Berisha (Apr 29)
- Re: Abuse Desks Mukund Sivaraman (Apr 29)
- Re: Abuse Desks Stephen Satchell (Apr 29)
- Re: Abuse Desks Mike Hammett (Apr 29)
- Re: Abuse Desks Stephen Satchell (Apr 29)
- Re: Abuse Desks Mike Hammett (Apr 29)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
- Re: Abuse Desks Mukund Sivaraman (Apr 29)
- Re: Abuse Desks Tom Beecher (Apr 29)
- Re: Abuse Desks Mukund Sivaraman (Apr 29)