Suspicious IP reporting

JoeSox joesox at gmail.com
Fri Feb 5 00:33:22 UTC 2021


Jean,
That is fine. I don't understand why the ignorance. It's one flipping email
and people can reply to me without adding the list. Is this really a
necessary conversation? It has only blown up BECAUSE of Tom's comments.
That is great he is a big shot and contributes, that is great to hear.
I am not experiencing the same type of onlist behavior.

Listen, I have devices on a cell network with only a few layers of security
(of course there is a plan to increase the security on those devices but
this is a complicated and highly regulated environment).
Someone contacted me off list telling me they believe the IP is a command
and control server.
Cell networks like Verizon have a process to report these IPs, now I am not
educated in how the cellular networks deal with that, that is where my
"ignorance" if you would like to call it that, comes in.
I see no issue asking other network admins to report it and fail to
understand why this particular issue is bad.
If there is a FEAR that everyone and their grandmother starts asking the
onlist community to report IP addresses, I think that is an unnecessary
fear.

What has turned into "noise" that Tom feared so much has been his doing not
mine.




On Thu, Feb 4, 2021 at 4:22 PM Jean St-Laurent <jean at ddostest.me> wrote:

> I do not know Tom personally, but I’ve been following his comments,
> hindsight and shared experience. Tom seems to be a bigger player than you
> on this mailing list.
>
>
>
> Joe, you are only penalizing yourself by banning him. I would personally
> not ban him.
>
>
>
> J
>
>
>
> *From:* Jean St-Laurent <jean at ddostest.me>
> *Sent:* February 4, 2021 6:28 PM
> *To:* 'JoeSox' <joesox at gmail.com>; 'Tom Beecher' <beecher at beecher.cc>
> *Cc:* 'NANOG' <nanog at nanog.org>
> *Subject:* RE: Suspicious IP reporting
>
>
>
> So what? I’ve scanned the internet more than 100’ times on all
> ports/protocols than you can imagine with zmap and many other shabby tools.
>
>
>
> I agree with Tom that these abuse reports are totally useless and create
> so much noise that it feels like crying wolf.
>
> Network operators are trained to absorb and protect against that.
>
>
>
> Are you aware of the 4D rules?
>
> Deter
>
> Denied
>
> Detect
>
> Delay
>
>
>
> Unless you are a real threat to a nation… good luck.
>
>
>
> There is a new submarine link that connects America with Europe. It is said
> to be 250 Tbps.
>
>
> https://cloud.google.com/blog/products/infrastructure/googles-dunant-subsea-cable-is-now-ready-for-service
>
>
>
> Kill this link and I guess the industry will listen to you.
>
>
>
> Good luck with your ip in China.
>
>
>
> Jean St-Laurent
>
>
>
>
>
> *From:* NANOG <nanog-bounces+jean=ddostest.me at nanog.org> *On Behalf Of *
> JoeSox
> *Sent:* February 4, 2021 6:06 PM
> *To:* Tom Beecher <beecher at beecher.cc>
> *Cc:* NANOG <nanog at nanog.org>
> *Subject:* Re: Suspicious IP reporting
>
>
>
> Tom,
>
> Others are seeing it as I provided the website that shows others are
> seeing it.
>
> https://www.abuseipdb.com/check/79.124.62.86
>
> I think it is pretty poor form to be ignorant.
>
>
>
> Congrats you have been banned from my gmail account straight to the
> deleted.
>
>
>
>
>
> On Thu, Feb 4, 2021 at 1:12 PM Tom Beecher <beecher at beecher.cc> wrote:
>
> I think it's pretty poor form to ask people to report an IP for doing
> something they are not seeing themselves, and may not even be abuse. What
> does "hitting devices" mean? Pings? SNMP?
>
>
>
> This sort of thing contributes to abuse responses being poor; lots of
> noise, not much signal.
>
>
>
> On Thu, Feb 4, 2021 at 1:22 PM JoeSox <joesox at gmail.com> wrote:
>
>
>
> This IP is hitting devices on cellular networks for the past day or so.
>
>   https://www.abuseipdb.com/whois/79.124.62.86
>
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
>
>
> abuse at 4cloud.mobi; abuse at fiberinternet.bg
>
>
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
>
>
> --
>
> Thank You,
>
> Joe
>
>