nanog mailing list archives
Re: Portscans/PROXY scans
From: Sean Donelan <sean () donelan com>
Date: Sat, 1 Nov 2003 17:23:24 -0500 (EST)
On Sat, 1 Nov 2003 John_York () Dell com wrote:
We're seeing an incredible amount of port- and proxy-scans from 211.0.0.0/8, and 0 legitimate packets from the same range. I'm thinking about blocking the entire /8, as noone on our network needs any contact with Asia (I belive those addresses are all in Asia - correct me if I'm wrong). Has anyone here blocked 211.? Any unexpected results when doing so?
Unexpected? It depends on what you expect the results to be. I have acted as a diplomat de jure negotating resumption of traffic between people blocking these network ranges and organizations in Japan in the past. In addition to Japan, the 211 netblock is assigned to organizations in other Asia Pacific countries. Its your network (or maybe your employer's network) to do whatever you choose. You may want to consider blocking smaller ranges than the entire /8.
Current thread:
- Portscans/PROXY scans John_York (Nov 01)
- Re: Portscans/PROXY scans Sean Donelan (Nov 01)
- Re: Portscans/PROXY scans Suresh Ramasubramanian (Nov 01)
- Re: Portscans/PROXY scans Paul Vixie (Nov 01)
- Re: Portscans/PROXY scans Andrew D Kirch (Nov 02)
- Re: Portscans/PROXY scans Matthew Sullivan (Nov 02)
- Re: Portscans/PROXY scans Paul Vixie (Nov 02)
- The Internet's Immune System Christopher X. Candreva (Nov 12)
- Re: The Internet's Immune System David A. Ulevitch (Nov 12)
- Re: The Internet's Immune System Christopher X. Candreva (Nov 12)
- Re: Portscans/PROXY scans Suresh Ramasubramanian (Nov 01)
- Re: The Internet's Immune System Bryan Bradsby (Nov 12)
- Re: Portscans/PROXY scans Sean Donelan (Nov 01)