nanog mailing list archives
Re: BGP hijack from 23724 -> 4134 China?
From: Jim Burwell <jimb () jsbc cc>
Date: Fri, 09 Apr 2010 19:27:46 -0700
On 4/9/2010 15:42, Benjamin Billon wrote:
This is also blocking Sina, Netease, Yahoo.cn and other major Chinese ISP/ESP. Am I the only to think this is not very smart?It depends. I'am not a fan of country blocking. But in my case it can work for a home server. You could adapt the list and block port 22 only for production servers where you can't expect to never have email from China, but can safely block brute force ssh attacks.Yep, home server, your server. That's not the same when you have customers who rely on your server. IMHO, port 22 and other critical ports should always be blocked except from known places.
I personally use a port knocking setup and it pretty much eliminates SSH brute force account/password hacks. Actually, on one box that didn't have the ability to do that, I simply moved the SSH port. This was surprisingly effective, although a bit inconvenient. I'll have to say that a very large number of the brute attempts were from Chinese IPs. Hopefully they're not reading this. ;-)
Current thread:
- Re: BGP hijack from 23724 -> 4134 China?, (continued)
- Re: BGP hijack from 23724 -> 4134 China? goemon (Apr 08)
- RE: BGP hijack from 23724 -> 4134 China? George Bonser (Apr 09)
- RE: BGP hijack from 23724 -> 4134 China? goemon (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Larry Smith (Apr 08)
- Re: BGP hijack from 23724 -> 4134 China? Michael Holstein (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Benjamin BILLON (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jeroen van Aart (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Benjamin Billon (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jeroen van Aart (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Benjamin Billon (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jim Burwell (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Patrick Giagnocavo (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jeroen van Aart (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Rich Kulawiec (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jeroen van Aart (Apr 09)
- RE: BGP hijack from 23724 -> 4134 China? Warren Bailey (Apr 09)
- RE: BGP hijack from 23724 -> 4134 China? Jim Templin (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Suresh Ramasubramanian (Apr 08)