[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

de-peering for security sake

Subject: de-peering for security sake
From: baldur.norddahl at gmail.com (Baldur Norddahl)
Date: Sat, 26 Dec 2015 16:19:15 +0100
In-reply-to: <[email protected]>
References: <278703070.5666.1451139598778.JavaMail.mhammett@ThunderFuck> <[email protected]>

On 26 December 2015 at 16:09, Stephen Satchell <list at satchell.net> wrote:

> On 12/26/2015 06:19 AM, Mike Hammett wrote:
>
>> How much is an acceptable standard to the community? Individual /32s
>> ( or /64s)? Some tipping point where 50% of a /24 (or whatever it's
>> IPv6 equivalent would be) has made your naughty list that you block
>> the whole prefix?
>>
>
> My gauge is volume of obnoxious traffic.  When I get lots of SSH probes
> from a /32, I block the /32.  When I get lots of SSH probes across a range
> of a /24, I block the /24.
>

Do you people have nothing better to do than scan firewall log files and
insert rules to block stuff that was already blocked by default?

Hint: if ssh probes spams your log then move your ssh service to a non
standard port.

Regards,

Baldur

Follow-Ups:
- de-peering for security sake
  - From: nanog at ics-il.net (Mike Hammett)

References:
- de-peering for security sake
  - From: nanog at ics-il.net (Mike Hammett)
- de-peering for security sake
  - From: list at satchell.net (Stephen Satchell)

Prev by Date: de-peering for security sake
Next by Date: de-peering for security sake
Previous by thread: de-peering for security sake
Next by thread: de-peering for security sake
Index(es):
- Date
- Thread