[134477] in North American Network Operators' Group
Re: Spamming and ssh attack from a customers
daemon@ATHENA.MIT.EDU (Mark Andrews)
Thu Jan 6 04:11:47 2011
To: Tarig Ahmed <tariq198487@hotmail.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Thu, 06 Jan 2011 11:21:56 +0300."
<BLU0-SMTP18666EADDBA40B2B455F798BB0A0@phx.gbl>
Date: Thu, 06 Jan 2011 20:11:17 +1100
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <BLU0-SMTP18666EADDBA40B2B455F798BB0A0@phx.gbl>, Tarig Ahmed writes:
> hi all
>
> I am receiving emails from many servers saying that: this ip (from a
> customer) is trying to attacking one of our servers.
>
> Is it appropriate to filter ssh, telnet, and smtp from my customers,
> or just forward the message to my customer contact persons?
I suspect that your customer is compromised and you should put them
in a walled garden until they fix the problem. Look at traffic
flows first however.
> Thanks in advance..
>
> Tarig Yassin Ahmed
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
