On 08.04 14:36, Brielle Bruns wrote:
I'm starting to wonder if someone is 'testing the waters' in China to see what they can get away with. I hate to be like this, but there's a reason why I have all of China filtered on my routers.
Beware of prejudice influencing observations and their interpretation.
....
Amazing how much SSH hammering, spam, and other nastiness went away within minutes of the filtering going in place.
Objectively for my networks the vast majority of the SSH hammering, spam and other nastiness would go away if I filtered out the prefixes allocated by ARIN. I do not do that because I want to talk to hosts at these addresses. Sometimes I even want to talk to hosts that originate the nastiness. I certainly do not want my upstreams to start preventing me from doing that.

**** Selectively preventing packet flow is *not* a security measure.

**** Selectively preventing packet flow leads to unexpected and hard-to-diagnose breakage.

**** Many independent actors selectively preventing packet flow will eventually partition the Internet sufficiently to break it beyond recognition.

Preventing packet flow may be necessary to mitigate DoS and to do local security; I have pulled out the network cable before too. However, doing it at many different places in the network according to local policies leads to bad breakage.

Daniel