nanog mailing list archives
Re: de-peering for security sake
From: Joe Abley <jabley () hopcount ca>
Date: Sat, 26 Dec 2015 11:14:25 -0500
On Dec 26, 2015, at 10:09, Stephen Satchell <list () satchell net> wrote:
> My gauge is volume of obnoxious traffic. When I get lots of SSH probes from a /32, I block the /32.
... without any knowledge of how many end systems are going to be affected. A significant campus or provider user base behind a NAT is likely to have more infections in absolute terms, which means more observed bad behaviour. It also means more end-systems (again, in absolute terms) that represent collateral damage.
> When I get lots of SSH probes across a range of a /24, I block the /24.
[...]
> When I see that the bad traffic has caused me to block multiple /24s, I will block the entire allocation.
Your network, your rules. But that's not the way I would manage things if I thought my job was to optimise and maximise connectivity between my users and the Internet.

With respect to ssh scans in particular -- disable all forms of password authentication and insist upon public key authentication instead. If the password scan log lines still upset you, stop logging them.

Joe
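
As an added example (not part of the message above or of the list archive), here is one way to check the "all forms of password authentication" advice: the Python below reads the effective configuration that `sshd -T` prints and lists every way a client could still log in with a password alone. The sample configurations are constructed excerpts and the function names are this example's own.

```python
# Added example: audit `sshd -T` output for password-only login paths.
# Assumes the full effective config (sshd -T prints every keyword, lowercase).

# auth method name -> sshd keyword that switches it on
PASSWORD_METHODS = {
    "password": "passwordauthentication",
    "keyboard-interactive": "kbdinteractiveauthentication",
}

def parse_effective(text):
    """Turn 'keyword value' lines into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg[key.lower()] = value.strip()
    return cfg

def password_login_paths(text):
    """Return the ways a client can authenticate with a password alone."""
    cfg = parse_effective(text)
    # ChallengeResponseAuthentication is the older name for the same switch.
    if cfg.get("challengeresponseauthentication") == "yes":
        cfg["kbdinteractiveauthentication"] = "yes"
    enabled = {m for m, kw in PASSWORD_METHODS.items() if cfg.get(kw) == "yes"}
    chains = cfg.get("authenticationmethods", "any")
    if chains == "any":
        return sorted(enabled)          # any single enabled method suffices
    # Otherwise every method in one comma-separated chain must succeed.
    return sorted(
        chain for chain in chains.split()
        if all(step.split(":")[0] in enabled for step in chain.split(","))
    )

# Constructed excerpts of `sshd -T` output (not from a real host).
PARTIAL = """passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
authenticationmethods any"""

KEY_ONLY = """passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
authenticationmethods publickey"""

if __name__ == "__main__":
    for name, sample in (("PARTIAL", PARTIAL), ("KEY_ONLY", KEY_ONLY)):
        print(name, password_login_paths(sample) or "no password-only path")
```

The `PARTIAL` sample shows the common gap: `PasswordAuthentication no` on its own leaves keyboard-interactive logins, which usually prompt for the same password, still available.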