nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Paging Unified Layer/AS46606 in re: NET-162-240-0-0-1 (162.240.0.0/15)

From: Josh Luthman via NANOG <nanog () lists nanog org>
Date: Thu, 4 Sep 2025 09:45:18 -0400
That's what fires do - they grow :)

On Thu, Sep 4, 2025 at 9:44 AM Mike Hammett <nanog () ics-il net> wrote:


Until it isn't.



-----
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP


----- Original Message -----
From: "Josh Luthman" <josh () imaginenetworksllc com>
To: "North American Network Operators Group" <nanog () lists nanog org>
Cc: "Mike Hammett" <nanog () ics-il net>
Sent: Thursday, September 4, 2025 8:43:37 AM
Subject: Re: Paging Unified Layer/AS46606 in re: NET-162-240-0-0-1 (
162.240.0.0/15)


Why bother putting out the small fire? It's only a small fire.


On Thu, Sep 4, 2025 at 9:40 AM Mike Hammett via NANOG <
nanog () lists nanog org > wrote:


and yet just being okay with background radiation only encourages the
background radiation to no longer just lurk in the background.



-----
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP


----- Original Message -----
From: "nanog--- via NANOG" < nanog () lists nanog org >
To: "North American Network Operators Group" < nanog () lists nanog org >
Cc: nanog () immibis com
Sent: Thursday, September 4, 2025 3:05:55 AM
Subject: Re: Paging Unified Layer/AS46606 in re: NET-162-240-0-0-1 (
162.240.0.0/15 )

Who even bothers to complain about internet background radiation? Unless
you're seeing a high volume or you know you have weak passwords...
Otherwise there are plenty of machines out there searching for default SSH
passwords. Just ignore them if they don't affect you.

Many people configure SSH to run on a non-default port number to cut down
on background noise. Or you can filter IPs as already suggested. Or you can
know that you're using a strong authentication method and you're patched
for CVE-2024-6387/6409, and leave it be.

Please note that reporting abuse for non-incidents is itself an attack.
There was an attack last year where someone sent spoofed port 22 SYN
packets from IP addresses of Tor relays, resulting in a flood of
trigger-happy "security" companies writing abuse emails to hosts of Tor
relays who weren't involved, risking taking down large parts of the Tor
network.



On 4 September 2025 03:16:17 CEST, Rich Kulawiec via NANOG <
nanog () lists nanog org > wrote:

Who puts a quota on an abuse mailbox...and then allows that quote to
be reached?


Date: Tue, 2 Sep 2025 12:38:24 +0000

Delivery has failed to these recipients or groups:

abuse () bluehost com <mailto: abuse () bluehost com >
The recipient's mailbox is full and can't accept messages now. Please

try r=

esending your message later, or contact the recipient directly.


I've got nothin': my usual string of exasperated profanities has failed

me.


Anyway, y'all have attackers using various VPS instances on your network
to conduct coordinated brute-force ssh attacks, and you should make that
stop yesterday.

Details? Logs? Yes, yes, I know, I did try to send them to you -- but
see the above for the explanation covering why you didn't receive them.

Also: for the love of dog, fix this nonsense.

---rsk
_______________________________________________
NANOG mailing list


https://lists.nanog.org/archives/list/nanog () lists nanog org/message/6CFCYFIP5FHUL4PBZQNOUV2SW6DNK44U/
_______________________________________________
NANOG mailing list

https://lists.nanog.org/archives/list/nanog () lists nanog org/message/A2ZFPUI7XEE4YHM7QJ433TWBRCLMYAYA/


_______________________________________________
NANOG mailing list

https://lists.nanog.org/archives/list/nanog () lists nanog org/message/ZDCAEF7Z72EHJC3QWNFHTAPTIZ76VF6O/



_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/HF4SFNBVTWVC4JGVH4NQGEHXBUHOGHPV/
Previous By Date Next
Previous By Thread Next

Current thread: