Just wondering
Robert Drake
rdrake at direcpath.com
Tue Apr 1 03:43:49 UTC 2014
On 3/31/2014 10:51 PM, Joe wrote:
>
> I received several reports today regarding some scans for udp items from
> shadowservers hosted out of H.E. Seems to claim to be checking for issues
> regarding udp issues, amp issues, which I am all fine for, but my issue is
> this. It trips several IDP/IPS traps pretty much causing issues that I have
> to resolve. I have one user that is a home user (outside one of my /16)
> that has seen this as well. Now with that said are these folks that do this
> going to pay for one of my users that pay per bit for this? Does garbage in
> to this really provide a garbage clean? I see they are planing on a bunch
> of other protocols too, so that's nice.
If I was paying per bit I would probably want my ISP to rate limit and
firewall lots of traffic before it ever reached my pay-per-bit line.
Otherwise I would be paying for huge amounts of unsolicited traffic from
everywhere.
> I'm not sure where to go with this other than to advise my other folks to
> drop this traffic from their 184.105.139.64/26 networks and hope for the
> best regarding my FAP folks.
>
> Regards,
> -Joe
>
If you're comfortable that your internal audits are accurate and what
these people are doing won't provide you any value, I don't see what
harm it would do to block them. Since they also have to worry about
botnet authors blocking their traffic, I imagine they might change IP
ranges after a while. You might complain to them directly and see if
they can add you to a do not poll list. It looks like they have a
couple of emails for issues listed here:
https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
More information about the NANOG
mailing list