Spamming and ssh attack from a customers
hi all
I am receiving emails from many servers saying that: this ip (from a customer) is trying to attack one of our servers.
Is it appropriate to filter ssh, telnet, and smtp from my customers, or just forward the message to my customer contact persons?
Thanks in advance..
Tarig Yassin Ahmed
On 01/06/2011 12:21 AM, Tarig Ahmed wrote:
hi all
I am receiving emails from many servers saying that: this ip (from a customer) is trying to attack one of our servers.
Is it appropriate to filter ssh, telnet, and smtp from my customers, or just forward the message to my customer contact persons?
Depends on your acceptable use policy and terms of service. I would say trying to micromanage the ip protos being used for these attacks is just creating work for you - if they are the source, and you have credible reports, then the customer should be notified and they should commit to resolving the problem. If they won't or aren't able to respond effectively, I would say that (depending on the who and what of your customer), shutting down the port may be a viable next step.
Mike-
Depends on your acceptable use policy and terms of service. If they won't or aren't able to respond effectively, I would say that (depending on the who and what of your customer), shutting down the port may be a viable next step.
Hi Mike,
In our case, the AUP gives us the right to do so, and some customers are not able. Is it possible to delegate this issue to them (through RIR databases, emails will be sent to them directly, not through us), without new ASN and BGP requirements?
Thanks
--
Tarig Y. Adam
SUIN
www.suin.edu.sd
Date: Thu, 6 Jan 2011 00:26:24 -0800
From: mike-nanog@tiedyenetworks.com
To: nanog@nanog.org
Subject: Re: Spamming and ssh attack from a customers
On 01/06/2011 12:21 AM, Tarig Ahmed wrote:
hi all
I am receiving emails from many servers saying that: this ip (from a customer) is trying to attack one of our servers.
Is it appropriate to filter ssh, telnet, and smtp from my customers, or just forward the message to my customer contact persons?
Depends on your acceptable use policy and terms of service. I would say trying to micromanage the ip protos being used for these attacks is just creating work for you - if they are the source, and you have credible reports, then the customer should be notified and they should commit to resolving the problem. If they won't or aren't able to respond effectively, I would say that (depending on the who and what of your customer), shutting down the port may be a viable next step.
Mike-
In message <BLU0-SMTP18666EADDBA40B2B455F798BB0A0@phx.gbl>, Tarig Ahmed writes:
hi all
I am receiving emails from many servers saying that: this ip (from a customer) is trying to attack one of our servers.
Is it appropriate to filter ssh, telnet, and smtp from my customers, or just forward the message to my customer contact persons?
I suspect that your customer is compromised and you should put them in a walled garden until they fix the problem. Look at traffic flows first however.
Thanks in advance..
Tarig Yassin Ahmed
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org