nanog mailing list archives
Re: de-peering for security sake
From: Mike Hammett <nanog () ics-il net>
Date: Sat, 26 Dec 2015 09:30:02 -0600 (CST)
1) Automation is your friend. 2) If a host is compromised and doing an SSH scan, it's likely going to also be attempting SMTP, WordPress, home router, etc. attacks. Use a canary to block that host altogether to better your network. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Baldur Norddahl" <baldur.norddahl () gmail com> To: nanog () nanog org Sent: Saturday, December 26, 2015 9:19:15 AM Subject: Re: de-peering for security sake On 26 December 2015 at 16:09, Stephen Satchell <list () satchell net> wrote:
On 12/26/2015 06:19 AM, Mike Hammett wrote:How much is an acceptable standard to the community? Individual /32s ( or /64s)? Some tipping point where 50% of a /24 (or whatever it's IPv6 equivalent would be) has made your naughty list that you block the whole prefix?My gauge is volume of obnoxious traffic. When I get lots of SSH probes from a /32, I block the /32. When I get lots of SSH probes across a range of a /24, I block the /24.
Do you people have nothing better to do than scan firewall log files and insert rules to block stuff that was already blocked by default? Hint: if ssh probes spams your log then move your ssh service to a non standard port. Regards, Baldur
Current thread:
- Re: de-peering for security sake, (continued)
- Re: de-peering for security sake Daniel Corbe (Dec 25)
- Re: de-peering for security sake Mike Hammett (Dec 25)
- Re: de-peering for security sake Stephen Satchell (Dec 25)
- Re: de-peering for security sake Daniel Corbe (Dec 25)
- Re: de-peering for security sake Daniel Corbe (Dec 25)
- Re: de-peering for security sake Owen DeLong (Dec 25)
- Message not available
- Re: de-peering for security sake Owen DeLong (Dec 25)
- Re: de-peering for security sake Mike Hammett (Dec 26)
- Re: de-peering for security sake Stephen Satchell (Dec 26)
- Re: de-peering for security sake Baldur Norddahl (Dec 26)
- Re: de-peering for security sake Mike Hammett (Dec 26)
- Re: de-peering for security sake Joe Abley (Dec 26)
- Re: de-peering for security sake William Waites (Dec 26)
- Re: de-peering for security sake Owen DeLong (Dec 26)
- Re: de-peering for security sake Matthew Petach (Dec 26)
- Re: de-peering for security sake Owen DeLong (Dec 26)
- Re: de-peering for security sake Valdis . Kletnieks (Dec 26)
- Re: de-peering for security sake Baldur Norddahl (Dec 26)
- Re: de-peering for security sake Owen DeLong (Dec 26)
- Re: de-peering for security sake Baldur Norddahl (Dec 26)
- Re: de-peering for security sake Owen DeLong (Dec 27)