[44net] Re: Request: Blocking censys-scanner.com scans on AMPR subnets

The only reason I made my comments because I actually work for an ISP. It's quite uncommon for us to block traffic out-of-hand. E.G. - in 44-chat, we have discussed some of an actual malware/possible-APT on a node testing us from the AMPRNet-side of the connection, yet we have a discussion of valid IPs doing known research. I agree firewalling is an important practice. (It's a good time to note the late B. Kantor, SK also suggests not running honeypots, as they respond to traffic sometimes). While nodes with DNS entries see no traffic, the requests still inundate the UCSD-Internet facing side of the AMPRGW 10 Gbps interface - blocking doesn't stop that. Those running servers should use best-practices. e.g. I was being hit with someone trying to send spoofed TCP (something...it was a reflected DDOS)ACKs. This TCP Retry response is on the Kernel level. This is just one example. I recorded this in the Level 3 OpenWrt forum, I think I can make it level 2 and share the link. 73, - Lynwood KB3VWG _______________________________________________ 44net mailing list -- 44net(a)mailman.ampr.org To unsubscribe send an email to 44net-leave(a)mailman.ampr.org