[178976] in North American Network Operators' Group


Re: Getting hit hard by CHINANET

daemon@ATHENA.MIT.EDU (Anthony Kosednar)
Wed Mar 18 17:11:23 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <CA+w+2f9vMAgFTTH=KVZANdQjTuRdyNH4yBVV9vhDRqGFFOCB_g@mail.gmail.com>
From: Anthony Kosednar <anthony.kosednar@gmail.com>
Date: Tue, 17 Mar 2015 18:51:24 -0700
To: Terrance Devor <ter.devor@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

Hello Terrance,

I've seen this IP several times in our threat logs. It is a known threat and
has even been called out by Norse
(http://www.norse-corp.com/blog-thursday-140828.html).

I recommend blocking the IP at the edge of your network. If it becomes more
of a problem, ask one of your upstream providers to block him upstream of
you as well. They shouldn't hesitate, as it is clearly labeled a known
threat.

Thanks,

-
Anthony


On Mon, Mar 16, 2015 at 7:06 PM, Terrance Devor <ter.devor@gmail.com> wrote:

> Hello Everyone,
>
> I really hope this is not against group policy etc., however our network is
> being hit hard by a China IP for the past 6 months. Our systems are up to
> date, passwordless ssh etc., but their DOS attempts are getting more and
> more aggressive. Tried to contact their phone number to no success (not
> valid). Emails don't get any response.
> The IP is 218.77.79.43. Do we have any options?
>
> Terrance
