[173860] in North American Network Operators' Group


Re: Dealing with abuse complaints to non-existent contacts

daemon@ATHENA.MIT.EDU (Franck Martin)
Mon Aug 11 18:52:19 2014

X-Original-To: nanog@nanog.org
From: Franck Martin <fmartin@linkedin.com>
To: Gabriel Marais <gabriel.j.marais@gmail.com>
Date: Mon, 11 Aug 2014 22:52:09 +0000
In-Reply-To: <CAO8NbkRLFtdOs+6sOmEWzRpi3ONwShjPGvicnVQb46MAk+5Lnw@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


On Aug 10, 2014, at 8:19 AM, Gabriel Marais <gabriel.j.marais@gmail.com> wrote:

> Hi Nanog
>
> I'm curious.
>
> I have been receiving some major ssh brute-force attacks coming from random
> hosts in the 116.8.0.0 - 116.11.255.255 network. I have sent a complaint to
> the e-mail addresses obtained from a whois query on one of the IP Addresses.
>
> My e-mail bounced back from both recipients. One being rejected by filter
> and the other because the e-mail address doesn't exist. I would have
> thought that contact details are rather important to be up to date, or not?
>
> Besides just blocking the IP range on my firewall, I was wondering what
> others would do in this case?
>

$ host -t txt 0.0.8.116.abuse-contacts.abusix.org
0.0.8.116.abuse-contacts.abusix.org descriptive text "18977164171@189.cn"

However, I don't see an mnt-irt: field which is mandatory for APNIC
records updated/created after 2010 (unfortunately this object was last
updated in 2007). So I would start by pointing out to APNIC that no such
entry exists and as this network is of importance for the community, the
addition of an abuse/IRT POC would be beneficial for everyone and if
they could help, this would be greatly appreciated.

https://www.apnic.net/services/manage-resources/abuse-contacts

But that's the theory...
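
The lookup name and the mnt-irt: check described in the reply above, as an added example that is not part of the original message. The function names are hypothetical, both whois objects are constructed samples, and it assumes `changed:` lines end in a YYYYMMDD date.

```shell
#!/bin/sh
# Added example; the whois objects below are constructed, not real records.

# Build the reversed-octet query name used in the message for an IPv4 address.
abusix_qname() {
    ip=$1
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.abuse-contacts.abusix.org\n' "$4" "$3" "$2" "$1"
}

# Read one whois object on stdin; report its mnt-irt: value and the newest
# date found on a changed: line (assumed YYYYMMDD).
irt_status() {
    awk 'BEGIN { irt = "MISSING"; changed = "unknown" }
         /^mnt-irt:/ { irt = $2 }
         /^changed:/ && $NF ~ /^[0-9]+$/ {
             if (changed == "unknown" || $NF + 0 > changed + 0) changed = $NF
         }
         END { printf "mnt-irt=%s last-changed=%s\n", irt, changed }'
}

# Constructed object: last changed before 2010, no mnt-irt: attribute.
sample_old_object() {
    cat <<'EOF'
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
admin-c:        EX1-AP
changed:        hostmaster@example.net 20050110
changed:        hostmaster@example.net 20070312
source:         APNIC
EOF
}

# Constructed object: updated after 2010 and carrying mnt-irt:.
sample_new_object() {
    cat <<'EOF'
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET-2
mnt-irt:        IRT-EXAMPLE-AP
changed:        hostmaster@example.net 20130604
source:         APNIC
EOF
}

# To query live, as in the message: host -t txt "$(abusix_qname 116.8.0.0)"
abusix_qname 116.8.0.0
sample_old_object | irt_status
sample_new_object | irt_status
```

Piping real `whois` output for an address into `irt_status` gives the same one-line summary to quote when asking the registry for an IRT contact.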
