Dealing with abuse complaints to non-existent contacts

Franck Martin fmartin at
Mon Aug 11 22:52:09 UTC 2014

On Aug 10, 2014, at 8:19 AM, Gabriel Marais <gabriel.j.marais at> wrote:

> Hi Nanog
> I'm curious.
> I have been receiving some major ssh brute-force attacks coming from random
> hosts in the - network. I have sent a complaint to
> the e-mail addresses obtained from a whois query on one of the IP Addresses.
> My e-mail bounced back from both recipients. Once being rejected by filter
> and the other because the e-mail address doesn't exist. I would have
> thought that contact details are rather important to be up to date, or not?
> Besides just blocking the IP range on my firewall, I was wondering what
> others would do in this case?

$ host -t txt descriptive text "18977164171 at"

However, I don’t see an mnt-irt: field which is mandatory for APNIC records updated/created after 2010 (unfortunately this object was last updated in 2007). So I would start by pointing to APNIC that no such entry exist and as this network is of importance for the community, the addition of an abuse/IRT POC would be beneficial for everyone and if they could help, this would be greatly appreciated.

But that’s the theory...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the NANOG mailing list