Is it possible for you to share that filter list you have for china? im getting bogged down by those ssh-bruts as well coming in from china. -B On Thu, Apr 8, 2010 at 2:36 PM, Brielle Bruns <bruns@2mbit.com> wrote:
On 4/8/10 2:23 PM, Jay Hennigan wrote:
We just got Cyclops alerts showing several of our prefixes sourced from AS23474 propagating through AS4134. Anyone else?
aut-num: AS23724 as-name: CHINANET-IDC-BJ-AP descr: IDC, China Telecommunications Corporation country: CN
aut-num: AS4134 as-name: CHINANET-BACKBONE descr: No.31,Jin-rong Street descr: Beijing descr: 100032 country: CN
-- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
I'm starting to wonder if someone is 'testing the waters' in China to see what they can get away with. I hate to be like this, but there's a reason why I have all of China filtered on my routers.
Amazing how much SSH hammering, spam, and other nastiness went away within minutes of the filtering going in place.
There comes a point where 'accidental' and 'isolated incident' become "we no care" and "spam not illegal". And no, i'm not quoting that to mock, but rather repeat exactly what admins in China send to me in response to abuse reports and blocking in the AHBL.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
-- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments