nanog mailing list archives
Re: Abuse Desks
From: Matt Corallo via NANOG <nanog () nanog org>
Date: Tue, 28 Apr 2020 23:02:04 -0700
DDoS, hijacker, botnet C&C, compromised hosts, sufficiently-hard-to-deal-with phishing, etc are all things that carry real risk to services that are otherwise well-maintained (primarily in that many of the latter lead to the former). Nothing wrong with using or monitoring fail2ban, but if you’re spamming abuse contacts in an automated fashion (a pattern of misbehavior may be different) just because of some scanning, I recommend you fire your CSO (or get one). Matt
On Apr 28, 2020, at 22:13, Mukund Sivaraman <muks () mukund org> wrote: On Tue, Apr 28, 2020 at 08:45:12PM -0700, Dan Hollis wrote:On Tue, 28 Apr 2020, Matt Corallo via NANOG wrote: Please don't use this kind of crap to send automated "we received 3 login attempts on our SSH box..waaaaaaaaa" emails. This is why folks don't have abuse contacts that are responsive to real issues anymore.Thats what SBL is for.Do you recommend that we use a DNS blacklist to check every SSH and HTTPS connection attempt, about whether it should be filtered or not? Ultimately if there is scanning happening from an IP address delegated to someone, isn't their abuse@ responsible for handling the complaints? What are "real" issues? We have scanning happening on ssh, https, SIP, SMTP submission ports everyday. fail2ban does a good job blocking many of these, but ultimately should the scanning problem be ignored? Is nobody ultimately responsible to stop these hosts from scanning? Mukund
Current thread:
- Abuse Desks Mike Hammett (Apr 28)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 28)
- Re: Abuse Desks Dan Hollis (Apr 28)
- Re: Abuse Desks Mukund Sivaraman (Apr 28)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 28)
- Re: Abuse Desks Mukund Sivaraman (Apr 28)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 28)
- Re: Abuse Desks Mukund Sivaraman (Apr 28)
- Re: Abuse Desks Matt Palmer (Apr 29)
- Re: Abuse Desks Mike Hammett (Apr 29)
- Re: Abuse Desks J. Hellenthal via NANOG (Apr 29)
- Re: Abuse Desks bzs (Apr 29)
- Re: Abuse Desks Dan Hollis (Apr 28)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 28)
- Re: Abuse Desks Dan Hollis (Apr 29)
- Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
- Re: Abuse Desks Chris Adams (Apr 29)