And just like deploying IoT devices in vehicles without proper security preparations will lead you to a C&C network … just saying the hammer swings both ways here and getting an IP reported isn’t going to do you any damn good at ALL.
Personally I’d rip those IoT vehicles off the market for a recall but I suspect we’ll be hearing of that in the not too distant future. So in hindsight why don’t we just close down this thread here.

> On Feb 5, 2021, at 08:50, Joe <jbfixu...@gmail.com> wrote:
>
> Much like your banning of an email address is an ability you have with your
> provider (gmail), you should have the same abilities with your cellular
> provider for an IP address.
> I would think (at a minimum) you would be able to negotiate such an action
> with them, perhaps it is time to re-negotiate that contract?
> If you're simply trying to report an offending IP for brute force stuff perhaps
> the tack you may find more helpful is to ask for a contact at xzy ISP on
> list, versus asking folks to do reporting for you. As well there are like
> 100s of lists to report this to outside of NANOG
> As well, if I am reading this correctly, deployment of devices that have
> public facing IPs and do not have a means to protect themselves is concerning
> to say the least.
> This is about as reckless as putting up a login page without a password and
> crying foul when something gains access that you didn't expect. Again, I do
> not know all of the details of this so I may be way off base with that
> respect.
>
> If your ability to prevent issues is due to lack of a firewall/control to
> your network, possibly asking for help in mitigating such threats would be
> better, as there are a lot of very well versed/clever folks that help out.
> Regards,
> -Joe
>
> On Thu, Feb 4, 2021 at 7:17 PM JoeSox <joe...@gmail.com> wrote:
> Ryan,
> Thanks but like I said these devices are in moving vehicles ok?
> I stated we have a plan but it is ways out.
> FACT: we have a known malicious C&C
> FACT: We know what networks it is hitting and the cellular network is the
> most vulnerable, imo.
> FACT: this IP is against Verizon terms of service so the way to address it is
> to report it to them as they request.
>
> I honestly got what I needed from this thread, thanks. And I thank the
> nonbullies that helped me off list.
> --
> Thank You,
> Joe
>
> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel <administra...@rkhtech.org> wrote:
> Joe,
>
> It isn’t on Verizon to set up a firewall, especially if you have a direct
> public IP service. The device being attached directly to the Internet (no
> matter the transmission medium), must be able to protect itself. ISPs provide
> routers which function as a NAT/Firewall appliance, to provide a means of
> safety and convenience for them, but also charge you a rental fee.
>
> Stick a Cradlepoint router or something in front of your device, if you want
> an external means of protection. Otherwise you’ll need to enable the Windows
> Firewall if it’s a Windows system, or set up iptables on Linux, ipfw/pf on
> *BSD, etc.
>
> Ryan
>
> From: JoeSox <joe...@gmail.com>
> Sent: Thursday, February 4, 2021 5:04 PM
> To: r...@rkhtech.org
> Cc: TJ Trout <t...@pcguys.us>; NANOG <nanog@nanog.org>
> Subject: Re: Suspicious IP reporting
>
> How do I set up a firewall when I am not a Verizon engineer?
>
> There is a firewall via the antivirus and operating system but that's it.
>
> Do you not understand my issue? I thought that is the real problem with the
> online bullies in this thread.
>
> --
> Thank You,
> Joe
>
> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel <administra...@rkhtech.org> wrote:
>
> Joe,
>
> The underlying premise here is, “pick your battles”. If you don’t want an IP
> address to access your device in any way, set up a firewall and properly
> configure it to accept whitelisted traffic only, or just expose a VPN
> endpoint. The Internet is full of both good and bad actors that probe and
> scan anything and everything.
>
> While some appreciate the notification here, others will find it annoying. We
> cannot report anything malicious about an IP address on the Internet, unless
> it does harm to us specifically, otherwise it is false reporting and does
> create more noise at the ISP, and waste more time getting to the underlying
> issue.
>
> Ryan
>
> From: NANOG <nanog-bounces+ryan=rkhtech....@nanog.org> On Behalf Of JoeSox
> Sent: Thursday, February 4, 2021 4:41 PM
> To: TJ Trout <t...@pcguys.us>
> Cc: NANOG <nanog@nanog.org>
> Subject: Re: Suspicious IP reporting
>
> Do others see this online bully started by Tom? The leader has spoken so the
> minions follow :)
>
> This list sometimes LOL
>
> I think if everyone gets off their high horse, the list communication would
> be less noisy for the list veterans.
>
> --
> Thank You,
> Joe
>
> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout <t...@pcguys.us> wrote:
>
> This seems like a highly suspect request coming from a North American network
> operator...?
>
> On Thu, Feb 4, 2021 at 10:23 AM JoeSox <joe...@gmail.com> wrote:
>
> This IP is hitting devices on cellular networks for the past day or so.
>
> https://www.abuseipdb.com/whois/79.124.62.86
>
> I think this is the info to report it to the ISP. Any help or if everyone
> can report it, I would be a happy camper.
>
> ab...@4cloud.mobi; ab...@fiberinternet.bg
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
> --
> Thank You,
> Joe

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.