nanog mailing list archives

Re: Portscans/PROXY scans

From: Sean Donelan <sean () donelan com>
Date: Sat, 1 Nov 2003 17:23:24 -0500 (EST)


On Sat, 1 Nov 2003 John_York () Dell com wrote:

We're seeing an incredible amount of port- and proxy-scans from 211.0.0.0/8,
and 0 legitimate packets from the same range. I'm thinking about blocking
the entire /8, as noone on our network needs any contact with Asia (I belive
those addresses are all in Asia - correct me if I'm wrong). Has anyone here
blocked 211.? Any unexpected results when doing so?


Unexpected?  It depends on what you expect the results to be.

I have acted as a diplomat de jure negotating resumption of traffic
between people blocking these network ranges and organizations in Japan in
the past.  In addition to Japan, the 211 netblock is assigned to
organizations in other Asia Pacific countries.

Its your network (or maybe your employer's network) to do whatever you
choose.  You may want to consider blocking smaller ranges than the
entire /8.

Current thread:

Portscans/PROXY scans John_York (Nov 01)
- Re: Portscans/PROXY scans Sean Donelan (Nov 01)
  - Re: Portscans/PROXY scans Suresh Ramasubramanian (Nov 01)
    - Re: Portscans/PROXY scans Paul Vixie (Nov 01)
    - Re: Portscans/PROXY scans Andrew D Kirch (Nov 02)
    - Re: Portscans/PROXY scans Matthew Sullivan (Nov 02)
    - Re: Portscans/PROXY scans Paul Vixie (Nov 02)
    - The Internet's Immune System Christopher X. Candreva (Nov 12)
    - Re: The Internet's Immune System David A. Ulevitch (Nov 12)
    - Re: The Internet's Immune System Christopher X. Candreva (Nov 12)
    - Re: The Internet's Immune System Bryan Bradsby (Nov 12)
  - Re: Portscans/PROXY scans Joe Abley (Nov 01)

(Thread continues...)