Suspicious IP reporting

Fri Feb 5 01:16:05 UTC 2021

Ryan,
Thanks but like I said these devices are in moving vehicles ok?
I stated we have a plan but it is ways out.
FACT: we have a known malicious C&C
FACT: We know what networks it is hitting and the cellular network is the
most vulnerable, imo.
FACT: this IP is against Verizon terms of service so the way to address it
is to report it to them as they request.

I honestly got what I needed from this thread, thanks. And I thank the
nonbullies that helped me off list.
--
Thank You,
Joe

On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel <administrator at rkhtech.org> wrote:

> Joe,
>
>
>
> It isn’t on Verizon to setup a firewall, especially if you have a direct
> public IP service. The device being attached directly to the Internet (no
> matter the transmission medium), must be able to protect itself. ISPs
> provide routers which function as a NAT/Firewall appliance, to provide a
> means of safety and convenience for them, but also charge you a rental fee.
>
>
>
> Stick a Cradlepoint router or something in front of your device, if you
> want an external means of protection. Otherwise you’ll need to enable the
> Windows Firewall if it’s a Windows system, or setup iptables on Linux,
> ipfw/pf on *BSD, etc.
>
>
>
> Ryan
>
>
>
> *From:* JoeSox <joesox at gmail.com>
> *Sent:* Thursday, February 4, 2021 5:04 PM
> *To:* ryan at rkhtech.org
> *Cc:* TJ Trout <tj at pcguys.us>; NANOG <nanog at nanog.org>
> *Subject:* Re: Suspicious IP reporting
>
>
>
> How do I setup a firewall when I am not a Verizon engineer?
>
> There is a firewall via the antivirus and operating system but that's it.
>
> Do you not understand my issue? I thought that is the real problem with
> the online bullies in this thread.
>
> --
>
> Thank You,
>
> Joe
>
>
>
>
>
> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel <administrator at rkhtech.org>
> wrote:
>
> Joe,
>
>
>
> The underlying premise here is, “pick your battles”. If you don’t want an
> IP address to access your device in anyway, setup a firewall and properly
> configure it to accept whitelisted traffic only, or just expose a VPN
> endpoint. The Internet is full of both good and bad actors that probe and
> scan anything and everything.
>
>
>
> While some appreciate the notification here, others will find it annoying.
> We cannot report anything malicious about an IP address on the Internet,
> unless it does harm to us specifically, otherwise it is false reporting and
> does create more noise at the ISP, and waste more time getting to the
> underlying issue.
>
>
>
> Ryan
>
>
>
> *From:* NANOG <nanog-bounces+ryan=rkhtech.org at nanog.org> *On Behalf Of *
> JoeSox
> *Sent:* Thursday, February 4, 2021 4:41 PM
> *To:* TJ Trout <tj at pcguys.us>
> *Cc:* NANOG <nanog at nanog.org>
> *Subject:* Re: Suspicious IP reporting
>
>
>
> Do others see this online bully started by Tom? The leader has spoken so
> the minions follow :)
>
> This list  sometimes LOL
>
> I think if everyone gets off their high horse, the list communication
> would be less noisy for the list veterans.
>
> --
>
> Thank You,
>
> Joe
>
>
>
>
>
> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout <tj at pcguys.us> wrote:
>
> This seems like a highly suspect request coming from a North American
> network operator...?
>
>
>
>
>
> On Thu, Feb 4, 2021 at 10:23 AM JoeSox <joesox at gmail.com> wrote:
>
>
>
> This IP is hitting devices on cellular networks for the past day or so.
>
>   https://www.abuseipdb.com/whois/79.124.62.86
>
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
>
>
> abuse at 4cloud.mobi; abuse at fiberinternet.bg
>
>
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
>
>
> --
>
> Thank You,
>
> Joe
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210204/dd62b576/attachment.html>