BGP hijack from 23724 -> 4134 China?
jimb at jsbc.cc
Fri Apr 9 21:27:46 CDT 2010
On 4/9/2010 15:42, Benjamin Billon wrote:
>>> This is also blocking Sina, Netease, Yahoo.cn and other major
>>> Chinese ISP/ESP. Am I the only to think this is not very smart?
>> It depends. I'am not a fan of country blocking. But in my case it can
>> work for a home server. You could adapt the list and block port 22
>> only for production servers where you can't expect to never have
>> email from China, but can safely block brute force ssh attacks.
> Yep, home server, your server. That's not the same when you have
> customers who rely on your server.
> IMHO, port 22 and other critical ports should always be blocked except
> from known places.
I personally use a port knocking setup and it pretty much eliminates SSH
brute force account/password hacks. Actually, on one box that didn't
have the ability to do that, I simply moved the SSH port. This was
surprisingly effective, although a bit inconvenient.
I'll have to say that a very large number of the brute attempts were
from Chinese IPs. Hopefully they're not reading this. ;-)
More information about the NANOG