Getting hit hard by CHINANET

Anthony Kosednar anthony.kosednar at gmail.com
Wed Mar 18 01:51:24 UTC 2015


Hello Terrance,

I've seen this IP several times in our threat logs.It is a known threat and
has even been called out by Norse (
http://www.norse-corp.com/blog-thursday-140828.html).

I recommend blocking the ip at the edge of your network. If it becomes more
of a problem, ask one of your upstream providers to block him you upstream
of you as well. They shouldn't hesitate as it is clearly labeled a known
threat.

Thanks,

-
Anthony


On Mon, Mar 16, 2015 at 7:06 PM, Terrance Devor <ter.devor at gmail.com> wrote:

> Hello Everyone,
>
> I really hope this is not against group policy etc.. however our network is
> being hit
> hard by a China IP for the past 6 months. Our systems our up to date,
> passwordless
> ssh etc.. but they're DOS attempts are getting more and more aggressive.
> Tried to
> contact their phone number to no success (not valid). Emails don't get any
> response.
> The IP is 218.77.79.43. Do we have any options?
>
> Terrance
>


More information about the NANOG mailing list