Spamming and ssh attack from a customers

Mark Andrews marka at isc.org
Thu Jan 6 09:11:17 UTC 2011


In message <BLU0-SMTP18666EADDBA40B2B455F798BB0A0 at phx.gbl>, Tarig Ahmed writes:
> hi all
> 
> I am receiving emails from many servers saying that: this ip (from a  
> customer) is trying to attacking one of our servers.
> 
> Is it appropriate to filter ssh, telnet, and smtp from my customers,  
> or just forward the message to my customer contact persons?

I suspect that your customer is compromised and you should put them
in a walled garden until they fix the problem.  Look at traffic
flows first however.

> Thanks in advance..
> 
> Tarig Yassin Ahmed
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org




More information about the NANOG mailing list