[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Abuse Desks

On 4/29/20 8:41 AM, Mel Beckman wrote:
> Is there any reason to have a root-enabled (or any) ssh server
> exposed to the bare Internet? Any at all? Can you name one? I canâ??t.
> Thatâ??s basically pilot error.

Remember HeartBleed?  That didn't require a rout-enabled SSH server.  It 
didn't require SSH server.

That said, I use TCPWRAPPER to limit access to SSH to specific IP 
addresses.  I process my LogWatch messages manually.  I pull the fire 
alarm for showshoe probes, and excessive number of probes (over 30 in a 
24-hour period).  No registered abuse@ address in the WHOIS?  The 
offending netblock goes into my edge router ACL, because I have learned 
that ne'er-do-wells without working abuse@ usually have other bad habits.

And I disclose this practice to all who use my network.

(Blackmail emails are another set-and-forget trigger, but that's a 
subject for NANAE newsgroup.)