BGP hijack from 23724 -> 4134 China?

Jim Burwell jimb at jsbc.cc
Sat Apr 10 02:27:46 UTC 2010


On 4/9/2010 15:42, Benjamin Billon wrote:
>
>>> This is also blocking Sina, Netease, Yahoo.cn and other major
>>> Chinese ISP/ESP. Am I the only one to think this is not very smart?
>>
>> It depends. I'm not a fan of country blocking. But in my case it can
>> work for a home server. You could adapt the list and block port 22
>> only for production servers where you can't expect to never have
>> email from China, but can safely block brute force ssh attacks.
>>
> Yep, home server, your server. That's not the same when you have
> customers who rely on your server.
> IMHO, port 22 and other critical ports should always be blocked except
> from known places.
>
I personally use a port knocking setup and it pretty much eliminates SSH
brute force account/password hacks.  Actually, on one box that didn't
have the ability to do that, I simply moved the SSH port.  This was
surprisingly effective, although a bit inconvenient. 

I'll have to say that a very large number of the brute attempts were
from Chinese IPs.  Hopefully they're not reading this.  ;-)



