Abuse Desks

William Herrin bill at herrin.us
Wed Apr 29 21:05:47 UTC 2020


> On 4/28/20 11:57 AM, Mike Hammett wrote:
> > I noticed over the weekend that a Fail2Ban instance's complain function wasn't working. I fixed it.

On the one hand, if you have programmed your computer to originate
email to lots of people without any review to consider the email's
accuracy or whether the recipients would welcome it... then you are
being inconsiderate and likely spamming. You should stop doing that.
You're just contributing to the noise.

On Tue, Apr 28, 2020 at 9:40 AM Matt Corallo via NANOG <nanog at nanog.org> wrote:
> Please don't use this kind of crap to send automated "we received 3 login attempts on our SSH box..waaaaaaaaa" emails.
> This is why folks don't have abuse contacts that are responsive to real issues anymore.

On the other hand, if your network is the source of bad behavior that
such automated messages complain of, you should be far more concerned
with the criminal in your midst than any rudeness on the part of
whoever made the report. Consider carefully why you didn't already
know that one of your users' computers was scanning ssh ports and
hadn't already mitigated it. Are you being proactive or just
responding to complaints?

I last worked for an ISP in 2004 and even then it was a cinch to map a
default route to a capture device and see who was spraying unrouted
space with connection attempts. If you want to wait until someone
complains, do you have the right to be annoyed by the form that
complaint take?

Regards,
Bill Herrin




--
William Herrin
bill at herrin.us
https://bill.herrin.us/



More information about the NANOG mailing list