[134474] in North American Network Operators' Group
FW: Spamming and ssh attack from a customers
daemon@ATHENA.MIT.EDU (Tarig Yassin)
Thu Jan 6 03:43:26 2011
From: Tarig Yassin <tariq198487@hotmail.com>
To: nanog <nanog@nanog.org>
Date: Thu, 6 Jan 2011 11:43:18 +0300
In-Reply-To: <4D257CB0.5000807@tiedyenetworks.com>
Cc: Asim Khair <dceo@suin.edu.sd>, Dr-Iman SUIN <ceo@suin.edu.sd>,
uofk Yassir <yassir@suin.edu.sd>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Depends on your acceptable use policy and terms of service.
> If they won't or aren't able to respond effectively=2C I would say that =
(depdning on the who and what of your=20
> customer)=2C shutting down the port may be a viable next step.
>=20
Hi mike
=20
In our case=2C the AUP gives us the right to do so=2C and some customers ar=
e not able.=20
Is possible to deligate this issue to them (Through RIRs databeses=2C emai=
ls will be sent to them directly not through us)? without new ASN and BGP r=
equirements?
=20
thanks
--=20
Tarig Y. Adam
SUIN
www.suin.edu.sd
=20
> Date: Thu=2C 6 Jan 2011 00:26:24 -0800
> From: mike-nanog@tiedyenetworks.com
> To: nanog@nanog.org
> Subject: Re: Spamming and ssh attack from a customers
>=20
> On 01/06/2011 12:21 AM=2C Tarig Ahmed wrote:
> > hi all
> >
> > I am receiving emails from many servers saying that: this ip (from a
> > customer) is trying to attacking one of our servers.
> >
> > Is it appropriate to filter ssh=2C telnet=2C and smtp from my customers=
=2C or
> > just forward the message to my customer contact persons?
> >
>=20
> Depends on your acceptable use policy and terms of service. I would say=20
> trying to micromanage the ip protos being used for these attacks is just=
=20
> creating work for you - if they are the source=2C and you have credible=20
> reports=2C then the customer should be notified and they should commit to=
=20
> resolving the problem. If they won't or aren't able to respond=20
> effectively=2C I would say that (depdning on the who and what of your=20
> customer)=2C shutting down the port may be a viable next step.
>=20
> Mike-
>=20
>=20
=
