[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Abuse Desks

Sadly dumb kids are plentiful. If you have to nag an abuse desk every time they sell a server to a kid whoâ??s experimenting with nmap for the first time then.... weâ??ll end up exactly where we are - abuse contacts are not a reliable way to get in touch with anyone, and definitely not a reliable way to do so fast or with any reasonably large network. Please donâ??t clog the otherwise-useful system.

If you have trouble sleeping at night, Iâ??d recommend the â??PasswordAuthentication noâ?? option in sshd_config.


> On Apr 28, 2020, at 23:22, Mukund Sivaraman <muks at mukund.org> wrote:
> Hi Matt
>> On Tue, Apr 28, 2020 at 11:02:04PM -0700, Matt Corallo wrote:
>> DDoS, hijacker, botnet C&C, compromised hosts,
>> sufficiently-hard-to-deal-with phishing, etc are all things that carry
>> real risk to services that are otherwise well-maintained (primarily in
>> that many of the latter lead to the former). Nothing wrong with using
>> or monitoring fail2ban, but if youâ??re spamming abuse contacts in an
>> automated fashion (a pattern of misbehavior may be different) just
>> because of some scanning, I recommend you fire your CSO (or get one).
> It a fair game, that we the victim hosts should manually scan hundreds
> of reports generated due to traffic from automated bots from IP address
> block, so that things are easy for abuse@ contacts?
> I haven't come across a false positive report from our fail2ban
> instances on various servers (which it so far emails to our internal
> email address). It appears extremely unlikely for its reports to be
> false postitives - its detection method by parsing logs is identical to
> what a human would manually do too.
> I wouldn't call emailing its reports automatically to an abuse contact
> as "spamming". It is exactly what a human would do, and
> programmers/sysadmins love to automate.
> If an abuse report is incorrect, then it is fair to complain.
>        Mukund