[134473] in North American Network Operators' Group
Re: Spamming and ssh attack from a customers
daemon@ATHENA.MIT.EDU (Mike)
Thu Jan 6 03:31:38 2011
Date: Thu, 06 Jan 2011 00:26:24 -0800
From: Mike <mike-nanog@tiedyenetworks.com>
To: nanog@nanog.org
In-Reply-To: <BLU0-SMTP18666EADDBA40B2B455F798BB0A0@phx.gbl>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 01/06/2011 12:21 AM, Tarig Ahmed wrote:
> hi all
>
> I am receiving emails from many servers saying that: this ip (from a
> customer) is trying to attacking one of our servers.
>
> Is it appropriate to filter ssh, telnet, and smtp from my customers, or
> just forward the message to my customer contact persons?
>
Depends on your acceptable use policy and terms of service. I would say
trying to micromanage the ip protos being used for these attacks is just
creating work for you - if they are the source, and you have credible
reports, then the customer should be notified and they should commit to
resolving the problem. If they won't or aren't able to respond
effectively, I would say that (depdning on the who and what of your
customer), shutting down the port may be a viable next step.
Mike-
