[AusNOG] Softlayer tech pls contact re brute force from your network

Darren Moss Darren.Moss at cloud365.com.au
Tue Dec 6 16:38:56 EST 2016


Yeah I know. It wasn't them, it was another VPN provider from the UK routing through SL.

This was a case of a naughty customer who provided contact details that pointed to party A, whilst routing via party B.

It took so long for SL to find someone who knew what to do, so in the end we null routed the networks of the VPN provider and that's the end of them for our customers. 


Cheers


Darren.

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Andrew McN
Sent: Tuesday, 6 December 2016 4:27 PM
To: null
Subject: Re: [AusNOG] Softlayer tech pls contact re brute force from your network

Note that Softlayer host servers for PrivateInternetAccess.com's VPN service.

Given the metadata retention issue, it's to be expected that many legitimate users will use VPNs (and far more should do so), and that tends to break a lot of assumptions re stopping miscreant traffic at the source.

You can block incoming traffic from softlayer, and it may be that you can get softlayer to block outgoing traffic to you.  Either approach is likely to block legitimate traffic.

Andrew


On 06/12/16 15:03, Paul Wilkins wrote:
> Or am I just being a stick-in-the-mud old-skewl fart?
> 
> Ross,
> Not at all.
> 
> In fact, the Telecommunications Sector Security Reform bill is slowly 
> wending its way into legislation.
> 
> https://www.ag.gov.au/telcosecurity
> 
> I'm not sure exactly what "establishing a security obligation, 
> applicable to all C/CSPs requiring them to do their best to protect 
> their networks from unauthorised access and interference" will mean in 
> practice, but the point is, there will be an obligation to "do your 
> best". The terminology strikes me as odd though, because I thought we 
> already did our best, that's how we get to keep our jobs.
> 
> Kind regards
> 
> Paul Wilkins
> 
> 
> 
> On 6 December 2016 at 14:41, Ross Wheeler <ausnog at rossw.net> wrote:
> 
> 
> 
>     On Mon, 5 Dec 2016, Scott Howard wrote:
> 
>         http://www.fail2ban.org/
> 
>          Scott
> 
> 
>     Blocking at the destination is a quick way to reduce the impact, but
>     it still consumes resources, wastes bandwidth and leaves the
>     original host (the source of the problem) un-addressed.
> 
>     If the box has been compromised, I'm sure the owner would like to know.
>     If the owner is using it for questionable or illegal activity, I'd
>     expect the hosting provider would like to know about it and take action.
> 
>     A firewall rule at (a singular) endpoint might be the current "least
>     effort" way of addressing network problems, but imagine if everyone
>     did their job and kept their particular corner of the internet tidy,
>     how much easier it'd be for us all?
> 
>     Or am I just being a stick-in-the-mud old-skewl fart?
> 
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net
>     http://lists.ausnog.net/mailman/listinfo/ausnog