BGP hijack from 23724 -> 4134 China?

Benjamin Billon bbillon-ml at splio.fr
Fri Apr 9 17:42:11 CDT 2010


>> This is also blocking Sina, Netease, Yahoo.cn and other major Chinese 
>> ISP/ESP. Am I the only to think this is not very smart?
>
> It depends. I'am not a fan of country blocking. But in my case it can 
> work for a home server. You could adapt the list and block port 22 
> only for production servers where you can't expect to never have email 
> from China, but can safely block brute force ssh attacks.
>
Yep, home server, your server. That's not the same when you have 
customers who rely on your server.
IMHO, port 22 and other critical ports should always be blocked except 
from known places.




More information about the NANOG mailing list