nanog at as397444.net
Wed Apr 29 22:35:55 UTC 2020
I do, in this case, have such a right, because I know exactly what is going on in my network, and any non-automated
system (ie, a human who reads the one sentence in the whois comments) does as well.
Of course, I'm not going to get up in arms about it because this isn't about me (I just put the abuse contact in
comments and the abuse field set to @example.com and the noise goes away, though I admit I'd prefer to actually see the
noise, in case there is something interesting), its about the fact that the abuse system is now nigh on useless for the
big players, who are sadly often the source of things that really should be shut down.
On 4/29/20 5:05 PM, William Herrin wrote:
>> On 4/28/20 11:57 AM, Mike Hammett wrote:
>>> I noticed over the weekend that a Fail2Ban instance's complain function wasn't working. I fixed it.
> On the one hand, if you have programmed your computer to originate
> email to lots of people without any review to consider the email's
> accuracy or whether the recipients would welcome it... then you are
> being inconsiderate and likely spamming. You should stop doing that.
> You're just contributing to the noise.
> On Tue, Apr 28, 2020 at 9:40 AM Matt Corallo via NANOG <nanog at nanog.org> wrote:
>> Please don't use this kind of crap to send automated "we received 3 login attempts on our SSH box..waaaaaaaaa" emails.
>> This is why folks don't have abuse contacts that are responsive to real issues anymore.
> On the other hand, if your network is the source of bad behavior that
> such automated messages complain of, you should be far more concerned
> with the criminal in your midst than any rudeness on the part of
> whoever made the report. Consider carefully why you didn't already
> know that one of your users' computers was scanning ssh ports and
> hadn't already mitigated it. Are you being proactive or just
> responding to complaints?
> I last worked for an ISP in 2004 and even then it was a cinch to map a
> default route to a capture device and see who was spraying unrouted
> space with connection attempts. If you want to wait until someone
> complains, do you have the right to be annoyed by the form that
> complaint take?
More information about the NANOG