Dealing with abuse complaints to non-existent contacts

Christopher Rogers phiber at
Sun Aug 10 17:20:15 UTC 2014

2014-08-10 10:18 GMT-07:00 Jon Lewis <jlewis at>:

> On Sun, 10 Aug 2014, Gabriel Marais wrote:
>> I have been receiving some major ssh brute-force attacks coming from
>> random hosts in the - network. I have sent a complaint to the e-mail
>> addresses obtained from a whois query on one of the IP Addresses.
>> My e-mail bounced back from both recipients. One being rejected by filter
>> and the other because the e-mail address doesn't exist. I would have
>> thought that contact details are rather important to be up to date, or
>> not?
>
> Why?
>
>> Besides just blocking the IP range on my firewall, I was wondering what
>> others would do in this case?
>
> I've been blocking SSH from random IPs for many years.  Unless you have to
> run an open system that customers SSH into (unlikely in these times), my
> recommendation is block SSH entirely from non-trusted networks and set up
> some form of port-knocking or similar access controls such that legitimate
> users can open a window to make their connection, but the rest of the world
> never sees your sshd.
> Playing whack-a-mole with firewall or access log violations is a waste of
> time.
> ----------------------------------------------------------------------
>  Jon Lewis, MCP :)           |  I route
>                              |  therefore you are
> _________ for PGP public key_________
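
The access model recommended in the quoted reply (sshd unreachable until a knock opens a short window) is modelled below as an added example, not code from the thread: a per-source state machine that decides whether a connection to port 22 is accepted. The knock ports, timeouts and addresses are constructed assumptions, and a real deployment would enforce the same logic in the firewall.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed knock ports (assumption)
STEP_TIMEOUT = 10   # max seconds between consecutive knocks (assumption)
OPEN_WINDOW = 30    # seconds port 22 stays reachable after a full knock
SSH_PORT = 22

@dataclass
class KnockGate:
    progress: dict = field(default_factory=dict)  # src -> (knocks matched, last ts)
    allowed: dict = field(default_factory=dict)   # src -> window expiry ts

    def packet(self, ts, src, dport):
        """Return True if a new connection is accepted, False if dropped."""
        if dport == SSH_PORT:
            expiry = self.allowed.get(src)
            return expiry is not None and ts <= expiry
        idx, last = self.progress.get(src, (0, ts))
        if idx and ts - last > STEP_TIMEOUT:
            idx = 0  # too slow between knocks: start over
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # Wrong port resets progress, so a sequential port sweep never
            # completes the sequence; it may still count as a first knock.
            idx = 1 if dport == KNOCK_SEQUENCE[0] else 0
        if idx == len(KNOCK_SEQUENCE):
            self.allowed[src] = ts + OPEN_WINDOW
            self.progress.pop(src, None)
        elif idx:
            self.progress[src] = (idx, ts)
        else:
            self.progress.pop(src, None)
        return False  # knock ports themselves never answer

def replay(events):
    """Feed (ts, src, dport) tuples through a fresh gate; return decisions."""
    gate = KnockGate()
    return [gate.packet(*e) for e in events]

if __name__ == "__main__":
    # Constructed traffic using documentation addresses (RFC 5737).
    user = "198.51.100.7"
    print(replay([(0, "203.0.113.5", 22), (1, user, 7000), (2, user, 8000),
                  (3, user, 9000), (5, user, 22), (40, user, 22)]))
```
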
