Suspicious IP reporting

Tom Beecher beecher at beecher.cc
Fri Feb 5 15:41:26 UTC 2021


Let's assume that I submitted an abuse report on your behalf. I'm not going
to do it on behalf of my company; I'm not seeing this issue. So I'd have to
do it in a personal capacity.

Who do I report it to? Let's say my ISP is Charter, and my cell provider is
AT&T. Reporting to either one would not provide you any benefit, since you
are seeing the suspect traffic to you via Verizon. Let's assume I file the
reports anyways. What do I say? I haven't seen the traffic in question, so
I have no idea what it is. I can't provide any specifics in my abuse report
that would be helpful. I'm certainly not going to just copypasta some
information from AbuseIPDB; I can't speak to the accuracy of anything
there.

Finally, I'm just another guy on the list, nobody special. I certainly
don't feel that there was any bullying involved on my part or others, but I
won't comment further; the intensity of your reaction would lead me to
believe it would be unproductive.

Best of luck in addressing your issues.

On Thu, Feb 4, 2021 at 8:17 PM JoeSox <joesox at gmail.com> wrote:

> Ryan,
> Thanks but like I said these devices are in moving vehicles ok?
> I stated we have a plan but it is ways out.
> FACT: we have a known malicious C&C
> FACT: We know what networks it is hitting and the cellular network is the
> most vulnerable, imo.
> FACT: this IP is against Verizon terms of service so the way to address it
> is to report it to them as they request.
>
> I honestly got what I needed from this thread, thanks. And I thank the
> nonbullies that helped me off list.
> --
> Thank You,
> Joe
>
>
> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel <administrator at rkhtech.org>
> wrote:
>
>> Joe,
>>
>>
>>
>> It isn’t on Verizon to set up a firewall, especially if you have a direct
>> public IP service. The device being attached directly to the Internet (no
>> matter the transmission medium), must be able to protect itself. ISPs
>> provide routers which function as a NAT/Firewall appliance, to provide a
>> means of safety and convenience for them, but also charge you a rental fee.
>>
>>
>>
>> Stick a Cradlepoint router or something in front of your device, if you
>> want an external means of protection. Otherwise you’ll need to enable the
>> Windows Firewall if it’s a Windows system, or set up iptables on Linux,
>> ipfw/pf on *BSD, etc.
>>
>>
>>
>> Ryan
>>
>>
>>
>> *From:* JoeSox <joesox at gmail.com>
>> *Sent:* Thursday, February 4, 2021 5:04 PM
>> *To:* ryan at rkhtech.org
>> *Cc:* TJ Trout <tj at pcguys.us>; NANOG <nanog at nanog.org>
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> How do I set up a firewall when I am not a Verizon engineer?
>>
>> There is a firewall via the antivirus and operating system but that's it.
>>
>> Do you not understand my issue? I thought that is the real problem with
>> the online bullies in this thread.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel <administrator at rkhtech.org>
>> wrote:
>>
>> Joe,
>>
>>
>>
>> The underlying premise here is, “pick your battles”. If you don’t want an
>> IP address to access your device in any way, set up a firewall and properly
>> configure it to accept whitelisted traffic only, or just expose a VPN
>> endpoint. The Internet is full of both good and bad actors that probe and
>> scan anything and everything.
>>
>>
>>
>> While some appreciate the notification here, others will find it
>> annoying. We cannot report anything malicious about an IP address on the
>> Internet, unless it does harm to us specifically, otherwise it is false
>> reporting and does create more noise at the ISP, and waste more time
>> getting to the underlying issue.
>>
>>
>>
>> Ryan
>>
>>
>>
>> *From:* NANOG <nanog-bounces+ryan=rkhtech.org at nanog.org> *On Behalf Of *
>> JoeSox
>> *Sent:* Thursday, February 4, 2021 4:41 PM
>> *To:* TJ Trout <tj at pcguys.us>
>> *Cc:* NANOG <nanog at nanog.org>
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> Do others see this online bully started by Tom? The leader has spoken so
>> the minions follow :)
>>
>> This list sometimes LOL
>>
>> I think if everyone gets off their high horse, the list communication
>> would be less noisy for the list veterans.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout <tj at pcguys.us> wrote:
>>
>> This seems like a highly suspect request coming from a North American
>> network operator...?
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 10:23 AM JoeSox <joesox at gmail.com> wrote:
>>
>>
>>
>> This IP is hitting devices on cellular networks for the past day or so.
>>
>>   https://www.abuseipdb.com/whois/79.124.62.86
>>
>> I think this is the info to report it to the ISP.  Any help or if
>> everyone can report it, I would be a happy camper.
>>
>>
>>
>> abuse at 4cloud.mobi; abuse at fiberinternet.bg
>>
>>
>>
>> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>>
>>
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>