Why bother putting out the small fire? It's only a small fire. On Thu, Sep 4, 2025 at 9:40 AM Mike Hammett via NANOG <[email protected]> wrote:
> and yet just being okay with background radiation only encourages the > background radiation to no longer just lurk in the background. > > > > ----- > Mike Hammett > Intelligent Computing Solutions > > Midwest Internet Exchange > > The Brothers WISP > > > ----- Original Message ----- > From: "nanog--- via NANOG" <[email protected]> > To: "North American Network Operators Group" <[email protected]> > Cc: [email protected] > Sent: Thursday, September 4, 2025 3:05:55 AM > Subject: Re: Paging Unified Layer/AS46606 in re: NET-162-240-0-0-1 ( > 162.240.0.0/15) > > Who even bothers to complain about internet background radiation? Unless > you're seeing a high volume or you know you have weak passwords... > Otherwise there are plenty of machines out there searching for default SSH > passwords. Just ignore them if they don't affect you. > > Many people configure SSH to run on a non-default port number to cut down > on background noise. Or you can filter IPs as already suggested. Or you can > know that you're using a strong authentication method and you're patched > for CVE-2024-6387/6409, and leave it be. > > Please note that reporting abuse for non-incidents is itself an attack. > There was an attack last year where someone sent spoofed port 22 SYN > packets from IP addresses of Tor relays, resulting in a flood of > trigger-happy "security" companies writing abuse emails to hosts of Tor > relays who weren't involved, risking taking down large parts of the Tor > network. > > > > On 4 September 2025 03:16:17 CEST, Rich Kulawiec via NANOG < > [email protected]> wrote: > >Who puts a quota on an abuse mailbox...and then allows that quote to > >be reached? > > > >> Date: Tue, 2 Sep 2025 12:38:24 +0000 > >> > >> Delivery has failed to these recipients or groups: > >> > >> [email protected]<mailto:[email protected]> > >> The recipient's mailbox is full and can't accept messages now. Please > try r= > >> esending your message later, or contact the recipient directly. > > > >I've got nothin': my usual string of exasperated profanities has failed > me. > > > >Anyway, y'all have attackers using various VPS instances on your network > >to conduct coordinated brute-force ssh attacks, and you should make that > >stop yesterday. > > > >Details? Logs? Yes, yes, I know, I did try to send them to you -- but > >see the above for the explanation covering why you didn't receive them. > > > >Also: for the love of dog, fix this nonsense. > > > >---rsk > >_______________________________________________ > >NANOG mailing list > > > https://lists.nanog.org/archives/list/[email protected]/message/6CFCYFIP5FHUL4PBZQNOUV2SW6DNK44U/ > _______________________________________________ > NANOG mailing list > > https://lists.nanog.org/archives/list/[email protected]/message/A2ZFPUI7XEE4YHM7QJ433TWBRCLMYAYA/ > > > _______________________________________________ > NANOG mailing list > > https://lists.nanog.org/archives/list/[email protected]/message/ZDCAEF7Z72EHJC3QWNFHTAPTIZ76VF6O/ > _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/3GPWECITKUE5S3K47QCXM4LOMIBE2RN3/
