[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Spamming and ssh attack from a customers

Subject: Spamming and ssh attack from a customers
From: mike-nanog at tiedyenetworks.com (Mike)
Date: Thu, 06 Jan 2011 00:26:24 -0800
In-reply-to: <[email protected]>
References: <[email protected]>

On 01/06/2011 12:21 AM, Tarig Ahmed wrote:
> hi all
>
> I am receiving emails from many servers saying that: this ip (from a
> customer) is trying to attacking one of our servers.
>
> Is it appropriate to filter ssh, telnet, and smtp from my customers, or
> just forward the message to my customer contact persons?
>

Depends on your acceptable use policy and terms of service. I would say 
trying to micromanage the ip protos being used for these attacks is just 
creating work for you - if they are the source, and you have credible 
reports, then the customer should be notified and they should commit to 
resolving the problem. If they won't or aren't able to respond 
effectively, I would say that (depdning on the who and what of your 
customer), shutting down the port may be a viable next step.

Mike-

Follow-Ups:
- FW: Spamming and ssh attack from a customers
  - From: tariq198487 at hotmail.com (Tarig Yassin)

References:
- Spamming and ssh attack from a customers
  - From: tariq198487 at hotmail.com (Tarig Ahmed)

Prev by Date: NIST IPv6 document
Next by Date: FW: Spamming and ssh attack from a customers
Previous by thread: Spamming and ssh attack from a customers
Next by thread: FW: Spamming and ssh attack from a customers
Index(es):
- Date
- Thread