On Tue, 28 Apr 2020, Matt Corallo wrote:
Sadly dumb kids are plentiful. If you have to nag an abuse desk every time they sell a server to a kid who’s experimenting with nmap for the first time then.... we’ll end up exactly where we are - abuse contacts are not a reliable way to get in touch with anyone, and definitely not a reliable way to do so fast or with any reasonably large network. Please don’t clog the otherwise-useful system.
compromised servers on your infrastructure hosting nigerian criminals look much the same as a script kiddie experimenting with nmap.
If you have trouble sleeping at night, I’d recommend the “PasswordAuthentication no” option in sshd_config.
you either care about reports of potentially compromised hosts on your infrastructure or you don't. -Dan