[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Spamming and ssh attack from a customers

Subject: Spamming and ssh attack from a customers
From: marka at isc.org (Mark Andrews)
Date: Thu, 06 Jan 2011 20:11:17 +1100
In-reply-to: Your message of "Thu, 06 Jan 2011 11:21:56 +0300." <[email protected]>
References: <[email protected]>

In message <BLU0-SMTP18666EADDBA40B2B455F798BB0A0 at phx.gbl>, Tarig Ahmed writes:
> hi all
> 
> I am receiving emails from many servers saying that: this ip (from a  
> customer) is trying to attacking one of our servers.
> 
> Is it appropriate to filter ssh, telnet, and smtp from my customers,  
> or just forward the message to my customer contact persons?

I suspect that your customer is compromised and you should put them
in a walled garden until they fix the problem.  Look at traffic
flows first however.

> Thanks in advance..
> 
> Tarig Yassin Ahmed
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

References:
- Spamming and ssh attack from a customers
  - From: tariq198487 at hotmail.com (Tarig Ahmed)

Prev by Date: Qwest access problems
Next by Date: NIST IPv6 document
Previous by thread: FW: Spamming and ssh attack from a customers
Next by thread: Qwest access problems
Index(es):
- Date
- Thread