[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Abuse Desks

On Tue, Apr 28, 2020 at 08:45:12PM -0700, Dan Hollis wrote:
> On Tue, 28 Apr 2020, Matt Corallo via NANOG wrote:
> > Please don't use this kind of crap to send automated "we received 3 login attempts on our SSH box..waaaaaaaaa" emails.
> > This is why folks don't have abuse contacts that are responsive to real issues anymore.

> Thats what SBL is for.

Do you recommend that we use a DNS blacklist to check every SSH and
HTTPS connection attempt, about whether it should be filtered or not?

Ultimately if there is scanning happening from an IP address delegated
to someone, isn't their abuse@ responsible for handling the complaints?
What are "real" issues?

We have scanning happening on ssh, https, SIP, SMTP submission ports
everyday. fail2ban does a good job blocking many of these, but
ultimately should the scanning problem be ignored?  Is nobody ultimately
responsible to stop these hosts from scanning?