Abuse Desks

Stephen Satchell list at satchell.net
Wed Apr 29 16:08:03 UTC 2020


On 4/29/20 8:41 AM, Mel Beckman wrote:
> Is there any reason to have a root-enabled (or any) ssh server
> exposed to the bare Internet? Any at all? Can you name one? I can’t.
> That’s basically pilot error.

Remember HeartBleed?  That didn't require a root-enabled SSH server.  It 
didn't require an SSH server.

That said, I use TCPWRAPPER to limit access to SSH to specific IP 
addresses.  I process my LogWatch messages manually.  I pull the fire 
alarm for snowshoe probes, and an excessive number of probes (over 30 in a 
24-hour period).  No registered [email protected] address in the WHOIS?  The 
offending netblock goes into my edge router ACL, because I have learned 
that ne'er-do-wells without working [email protected] usually have other bad habits.

And I disclose this practice to all who use my network.

(Blackmail emails are another set-and-forget trigger, but that's a 
subject for NANAE newsgroup.)
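
The log triage described in this message (alarm on more than 30 probes in 24 hours, or on snowshoe probing), sketched in Python as an added example; it is not the poster's own tooling. The OpenSSH log format with ISO 8601 timestamps, the /24 grouping, and the eight-source snowshoe threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: OpenSSH syslog lines with ISO 8601 timestamps, IPv4 sources.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+"
    r"|Invalid user \S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)")
PROBE_LIMIT = 30            # from the post: "over 30 in a 24-hour period"
WINDOW = timedelta(hours=24)
SNOWSHOE_MIN_HOSTS = 8      # assumption: distinct sources in one block = snowshoe

def parse(lines):
    """Yield (timestamp, source address) for each failed-login line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), ipaddress.ip_address(m["ip"])

def flag_netblocks(lines, prefix=24):
    """Return {netblock: reason}; per-/24 counting is an assumption."""
    events = defaultdict(list)              # netblock -> [(ts, ip), ...]
    for ts, ip in parse(lines):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        events[str(net)].append((ts, ip))
    flagged = {}
    for net, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most 24 hours.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            if len({ip for _, ip in window}) >= SNOWSHOE_MIN_HOSTS:
                flagged[net] = "snowshoe"   # many sources, few probes each
                break
            if len(window) > PROBE_LIMIT:
                flagged[net] = "excessive"  # one or few sources hammering
                break
    return flagged

if __name__ == "__main__":
    # Constructed sample: 31 probes in one hour from a documentation address.
    sample = [f"2020-04-29T10:{i:02d}:00 gw sshd[99]: Invalid user test "
              f"from 198.51.100.7 port 4242" for i in range(31)]
    print(flag_netblocks(sample))
```

The flagged netblocks are candidates for the WHOIS abuse-contact check and edge ACL entry the message describes; that step stays manual here.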


