nanog mailing list archives
Re: Customer-facing ACLs
From: Joel Jaeggli <joelja () bogus com>
Date: Fri, 07 Mar 2008 21:40:52 -0800
Frank Bulk wrote:
The last few spam incidents I measured an outflow of about 2 messages per second. Does anyone know how aggressive Telnet and SSH scanning is? Even if it was greater, it's my guess there are many more hosts spewing spam than there are running abusive telnet and SSH scans.
Judging by the hits on my firewall there's a fair amount of variation between the scanners that are doing a couple login attempts per hour, and the bot that's making thousands of login attempts with 4 or 5 connection attempts going at a time. We don't filter them till they hit a threshold.
I don't even bother to log telnet attempts anymore so I can't say much about that.
Frank

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Mark Foster
Sent: Friday, March 07, 2008 10:02 PM
To: Dave Pooser
Cc: nanog () merit edu
Subject: Re: Customer-facing ACLs

Blocking port 25 outbound for dynamic users until they specifically request it be unblocked seems to me to meet the "no undue burden" test; so would port 22 and 23. Beyond that, I'd probably be hesitant until I either started getting a significant number of abuse reports about a certain flavor of traffic that I had reason to believe was used by only a tiny minority of my own users.

Sorry, I must've missed something. Port 25 outbound (excepting ISP SMTP server) seems entirely logical to me. Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of a concern? I can only assume it's to stop clients exploited boxen being used to anonymise further telnet/ssh attempts - but have to admit this discussion is the first I've heard of it being done 'en masse'. It'd frustrate me if I jacked into a friend's Internet in order to do some legitimate SSH based server administration, I imagine... Is this not 'reaching' or is there a genuine benefit in blocking these ports as well?

Mark.