Re: Suspicious IP reporting

[Tom Beecher <beecher () beecher cc>]

Let's assume that I submitted an abuse report on your behalf. I'm not going
to do it on behalf of my company; I'm not seeing this issue. So I'd have to
do it in a personal capacity.

Who do I report it to? Let's say my ISP is Charter, and my cell provider is
AT&T. Reporting to either one would not provide you any benefit, since you
are seeing the suspect traffic to you via Verizon. Let's assume I file the
reports anyways. What do I say? I haven't seen the traffic in question, so
I have no idea what it is. I can't provide any specifics in my abuse report
that would be helpful. I'm certainly not going to just copypasta some
information from abusedbip; I can't speak to the accuracy of anything
there.

Finally, I'm just another guy on the list, nobody special. I certainly
don't feel that there was any bullying involved on my part or others, but I
won't comment further; the intensity of your reaction would lead me to
believe it would be unproductive.

Best of luck in addressing your issues.

On Thu, Feb 4, 2021 at 8:17 PM JoeSox <joesox () gmail com> wrote:

> Ryan,
> Thanks but like I said these devices are in moving vehicles ok?
> I stated we have a plan but it is ways out.
> FACT: we have a known malicious C&C
> FACT: We know what networks it is hitting and the cellular network is the
> most vulnerable, imo.
> FACT: this IP is against Verizon terms of service so the way to address it
> is to report it to them as they request.
>
> I honestly got what I needed from this thread, thanks. And I thank the
> nonbullies that helped me off list.
> --
> Thank You,
> Joe
>
>
> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel <administrator () rkhtech org>
> wrote:
>
> > Joe,
> >
> >
> >
> > It isn’t on Verizon to setup a firewall, especially if you have a direct
> > public IP service. The device being attached directly to the Internet (no
> > matter the transmission medium), must be able to protect itself. ISPs
> > provide routers which function as a NAT/Firewall appliance, to provide a
> > means of safety and convenience for them, but also charge you a rental fee.
> >
> >
> >
> > Stick a Cradlepoint router or something in front of your device, if you
> > want an external means of protection. Otherwise you’ll need to enable the
> > Windows Firewall if it’s a Windows system, or setup iptables on Linux,
> > ipfw/pf on *BSD, etc.
> >
> >
> >
> > Ryan
> >
> >
> >
> > *From:* JoeSox <joesox () gmail com>
> > *Sent:* Thursday, February 4, 2021 5:04 PM
> > *To:* ryan () rkhtech org
> > *Cc:* TJ Trout <tj () pcguys us>; NANOG <nanog () nanog org>
> > *Subject:* Re: Suspicious IP reporting
> >
> >
> >
> > How do I setup a firewall when I am not a Verizon engineer?
> >
> > There is a firewall via the antivirus and operating system but that's it.
> >
> > Do you not understand my issue? I thought that is the real problem with
> > the online bullies in this thread.
> >
> > --
> >
> > Thank You,
> >
> > Joe
> >
> >
> >
> >
> >
> > On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel <administrator () rkhtech org>
> > wrote:
> >
> > Joe,
> >
> >
> >
> > The underlying premise here is, “pick your battles”. If you don’t want an
> > IP address to access your device in anyway, setup a firewall and properly
> > configure it to accept whitelisted traffic only, or just expose a VPN
> > endpoint. The Internet is full of both good and bad actors that probe and
> > scan anything and everything.
> >
> >
> >
> > While some appreciate the notification here, others will find it
> > annoying. We cannot report anything malicious about an IP address on the
> > Internet, unless it does harm to us specifically, otherwise it is false
> > reporting and does create more noise at the ISP, and waste more time
> > getting to the underlying issue.
> >
> >
> >
> > Ryan
> >
> >
> >
> > *From:* NANOG <nanog-bounces+ryan=rkhtech.org () nanog org> *On Behalf Of *
> > JoeSox
> > *Sent:* Thursday, February 4, 2021 4:41 PM
> > *To:* TJ Trout <tj () pcguys us>
> > *Cc:* NANOG <nanog () nanog org>
> > *Subject:* Re: Suspicious IP reporting
> >
> >
> >
> > Do others see this online bully started by Tom? The leader has spoken so
> > the minions follow :)
> >
> > This list  sometimes LOL
> >
> > I think if everyone gets off their high horse, the list communication
> > would be less noisy for the list veterans.
> >
> > --
> >
> > Thank You,
> >
> > Joe
> >
> >
> >
> >
> >
> > On Thu, Feb 4, 2021 at 4:36 PM TJ Trout <tj () pcguys us> wrote:
> >
> > This seems like a highly suspect request coming from a North American
> > network operator...?
> >
> >
> >
> >
> >
> > On Thu, Feb 4, 2021 at 10:23 AM JoeSox <joesox () gmail com> wrote:
> >
> >
> >
> > This IP is hitting devices on cellular networks for the past day or so.
> >
> >   https://www.abuseipdb.com/whois/79.124.62.86
> >
> > I think this is the info to report it to the ISP.  Any help or if
> > everyone can report it, I would be a happy camper.
> >
> >
> >
> > abuse () 4cloud mobi; abuse () fiberinternet bg
> >
> >
> >
> > https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
> >
> >
> >
> > --
> >
> > Thank You,
> >
> > Joe