[102955] in North American Network Operators' Group
Re: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Chris Marlatt)
Mon Mar 10 10:18:47 2008
X-Antivirus-RXSEC-Mail-From: cmarlatt@rxsec.com via core.rxsec.com
Date: Mon, 10 Mar 2008 10:10:23 -0400
From: Chris Marlatt <cmarlatt@rxsec.com>
To: Dave Pooser <dave.nanog@alfordmedia.com>
CC: nanog@merit.edu
In-Reply-To: <C3F73EC7.15FBF3%dave.nanog@alfordmedia.com>
Errors-To: owner-nanog@merit.edu
Dave Pooser wrote:
>
> Do bots try brute force attacks on Telnet and FTP? All I see at my firewall
> are SSH attacks and spam. But sure, if there's a lot of Telnet abuse block
> 23 too; I think it's used about as rarely by "normal" customers as SSH is.
>
Depending on the ip space I find FTP brute force attacks 10 times more
common than SSH attacks. There really isn't a blanket rule you can impose.
On a different note, unless you clearly advertise that you're offering
filtered services I don't really find the practice ethical - and no a
tiny line in the TOS doesn't really cut it IMHO.
That doesn't mean it can't be done, simply spin the imposed ACL as a
value-add and that your customers are now on a "safer internet".
Regards,
Chris
