
Abuse Desks



On 4/29/20 8:41 AM, Mel Beckman wrote:
> Is there any reason to have a root-enabled (or any) ssh server
> exposed to the bare Internet? Any at all? Can you name one? I can't.
> That's basically pilot error.

Remember HeartBleed?  That didn't require a root-enabled SSH server.  It 
didn't require an SSH server.

That said, I use TCPWRAPPER to limit access to SSH to specific IP 
addresses.  I process my LogWatch messages manually.  I pull the fire 
alarm for snowshoe probes, and an excessive number of probes (over 30 in a 
24-hour period).  No registered abuse@ address in the WHOIS?  The 
offending netblock goes into my edge router ACL, because I have learned 
that ne'er-do-wells without working abuse@ usually have other bad habits.

And I disclose this practice to all who use my network.

(Blackmail emails are another set-and-forget trigger, but that's a 
subject for NANAE newsgroup.)
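
The threshold rule described in the message above (more than 30 probes in a 24-hour period, plus snowshoe probing spread across a netblock), sketched as an added example that is not the poster's own tooling. The sshd log format, the /24 grouping, the sample lines and all function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# sshd failure lines, e.g. "... sshd[1]: Failed password for root from 192.0.2.1 port ..."
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(?:Failed password|Invalid user) .* from (\d+\.\d+\.\d+\.\d+)")

def parse(lines, year):
    """Yield (timestamp, source_ip) per probe line; syslog omits the year."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def netblock(ip, prefix=24):  # /24 grouping is an assumption of this example
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def over_threshold(events, key=str, limit=30, window=timedelta(hours=24)):
    """Map each key (IP or netblock) to its peak count if it exceeds limit in any window."""
    by_key = defaultdict(list)
    for ts, ip in events:
        by_key[key(ip)].append(ts)
    flagged = {}
    for k, stamps in by_key.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= window:  # drop probes older than the window
                start += 1
            if end - start + 1 > limit:
                flagged[k] = max(flagged.get(k, 0), end - start + 1)
    return flagged

def snowshoe_blocks(events):
    """Netblocks over the limit in aggregate although no single address in them is."""
    events = list(events)
    loud = {netblock(ip) for ip in over_threshold(events)}
    return {b: n for b, n in over_threshold(events, key=netblock).items() if b not in loud}

def sample_log():
    """Constructed sshd lines using documentation address ranges, not real traffic."""
    t0, step = datetime(2020, 4, 28), timedelta(minutes=5)
    fmt = "{:%b %d %H:%M:%S} gw sshd[4242]: Failed password for root from {} port 50000 ssh2"
    out = [fmt.format(t0 + i * step, "198.51.100.7") for i in range(31)]       # one loud host
    out += [fmt.format(t0 + i * step, f"203.0.113.{i + 1}") for i in range(40)]  # spread over a /24
    out += [fmt.format(t0 + 24 * i * step, "192.0.2.5") for i in range(31)]    # slow: 12 per 24 h
    return out
```

Per-address counting alone misses the constructed 203.0.113.0/24 case, where each of 40 addresses probes once; grouping by netblock is what surfaces it.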