Internal vulnerability hosts scan to prevent DDOS

marcel.duregards at yahoo.fr marcel.duregards at yahoo.fr
Tue Oct 25 09:13:52 UTC 2016


Dear members,

We are a small tier-2 isp and we would like to monitor any potentials
risks at our customers ip (we do not want that our AS could be used as a
source for DDOS).

One of many measures is to scan, on a regular basis, all our IP (PI and
PA) to detect any misconfigured customers hosts which could be used for
DDOS.
The scan should be able to detect misconfigured ddns resolver, ntp
server, ssdp host, etc...and any future cool reflection protocol.
If any misconfigured hosts is detected, an alarm should raise on an
dashboard, and an email send to the customers contact (RIR info), and to
our noc.

Radar from qrator provide a similar service via email, but we need our
own server/VM, with customizables features (like email in differents
languages, recall management, acknowledgement request, history (some
customers do not take any actions when we inform them, so we would like
to have history to put pressure on them)).

Does anybody have a solution for that ?

Thank in advance for your input.
Best regards,

--
Marcel


More information about the NANOG mailing list