The only reason I made my comments is because I actually work for an ISP. It's quite
uncommon for us to block traffic out-of-hand.
E.g., in 44-chat we have discussed some actual malware/possible-APT on a node
testing us from the AMPRNet side of the connection, yet we have a discussion of valid IPs
doing known research. I agree firewalling is an important practice. (It's a good time
to note that the late B. Kantor, SK, also suggested not running honeypots, as they sometimes
respond to traffic.)
While nodes with DNS entries see no traffic, the requests still inundate the UCSD-Internet
facing side of the AMPRGW 10 Gbps interface; blocking doesn't stop that. Those
running servers should use best practices.
E.g., I was being hit with someone trying to send spoofed TCP ACKs (something... it was a
reflected DDoS). This TCP retry response is at the kernel level. This is just one
example. I recorded this in the Level 3 OpenWrt forum; I think I can make it Level 2 and
share the link.
73,
- Lynwood KB3VWG
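The spoofed-ACK reflection traffic described in the post is recognisable in firewall logs: many distinct sources, replying from service ports, all sending ACK or SYN-ACK packets that match no connection the victim opened. The following is an added example (not the author's code or anything from the AMPRNet project) that scores netfilter LOG lines for that pattern; it assumes the LOG rule sits after the conntrack ESTABLISHED,RELATED accept, so every logged packet is out-of-state, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Fields of an iptables/nftables LOG line used here; TCP flags follow "RES=0x00".
FIELD = re.compile(r"\b(SRC|DST|PROTO)=(\S+)")
FLAGS = re.compile(r"\b(ACK|SYN|RST|FIN|PSH)\b")

def parse_log_line(line):
    """Return SRC, DST, PROTO and the TCP flag set of a LOG line, or None if not TCP."""
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP":
        return None
    tail = line.split("RES=", 1)[1] if "RES=" in line else ""
    fields["FLAGS"] = set(FLAGS.findall(tail))
    return fields

def find_reflection_floods(lines, min_reflectors=5, ack_ratio=0.8):
    """Group out-of-state TCP packets by destination and flag likely reflection floods.

    A reflected flood shows as ACK/SYN-ACK packets from many distinct sources
    (the reflectors) converging on one address; a lone unsolicited SYN or a
    single stray SYN-ACK does not qualify.
    """
    per_victim = defaultdict(lambda: {"sources": set(), "ack": 0, "total": 0})
    for line in lines:
        pkt = parse_log_line(line)
        if pkt is None:
            continue
        entry = per_victim[pkt["DST"]]
        entry["total"] += 1
        if "ACK" in pkt["FLAGS"]:
            entry["ack"] += 1
            entry["sources"].add(pkt["SRC"])
    return {
        victim: {"reflectors": len(e["sources"]), "ack_packets": e["ack"]}
        for victim, e in per_victim.items()
        if len(e["sources"]) >= min_reflectors and e["ack"] >= ack_ratio * e["total"]
    }

# Constructed sample log: six SYN-ACKs from different reflectors, one ordinary
# inbound SYN to ssh, one stray SYN-ACK to a second host, one UDP line to skip.
SAMPLE_LOG = [
    f"kernel: IN=eth0 OUT= SRC=203.0.113.{i} DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP "
    f"SPT=443 DPT=5{i}000 WINDOW=29200 RES=0x00 ACK SYN URGP=0" for i in range(1, 7)
] + [
    "kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP "
    "SPT=40112 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0",
    "kernel: IN=eth0 OUT= SRC=203.0.113.40 DST=192.0.2.11 LEN=44 TTL=55 PROTO=TCP "
    "SPT=80 DPT=51234 WINDOW=29200 RES=0x00 ACK SYN URGP=0",
    "kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=64 TTL=50 PROTO=UDP "
    "SPT=53 DPT=33434 LEN=44",
]

if __name__ == "__main__":
    print(find_reflection_floods(SAMPLE_LOG))
```

On the sample only 192.0.2.10 is reported, with six reflectors; the single SYN-ACK to 192.0.2.11 and the ssh SYN are left alone.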