Spamming and ssh attack from a customers
Mark Andrews
marka at isc.org
Thu Jan 6 09:11:17 UTC 2011
In message <BLU0-SMTP18666EADDBA40B2B455F798BB0A0 at phx.gbl>, Tarig Ahmed writes:
> hi all
>
> I am receiving emails from many servers saying that: this ip (from a
> customer) is trying to attacking one of our servers.
>
> Is it appropriate to filter ssh, telnet, and smtp from my customers,
> or just forward the message to my customer contact persons?
I suspect that your customer is compromised and you should put them
in a walled garden until they fix the problem. Look at traffic
flows first however.
> Thanks in advance..
>
> Tarig Yassin Ahmed
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG
mailing list