On Tue, Jan 24, 2023 at 1:51 PM Rob PE1CHL via 44net <44net(a)mailman.ampr.org> wrote:

> It is relatively easy to autoblock such scanners at a gateway due to the
> large address space that we have, and its relatively sparse use.
> Once you notice a lot of incoming traffic on unallocated subnets, you know
> it is from a scanner.

We do this for HamWAN's (BGP-announced) address space. We have a couple
intentionally-dark IP addresses, and if the edge routers detect packets
destined to these addresses, the source gets blocked in the firewall.

Our reasoning is something I haven't seen addressed in this thread yet.
Beyond the edge routers, there are parts of the network that transmit on
amateur radio. As control operators of this network, we have an obligation
to ensure that regulations are followed as closely as possible. These
scanners are traffic not initiated by an amateur radio operator, so we try
to block them from reaching the part of the network that uses radio.

Tom KD7LXL
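
The two autoblocking triggers discussed in this message (a packet to an intentionally-dark address, and a lot of traffic to unallocated subnets), sketched as detection logic over an edge log. This is an added example, not part of the original email and not HamWAN's configuration; the address ranges (RFC 5737 documentation space), the log format, the threshold and the block duration are all assumptions.

```python
import ipaddress
from collections import defaultdict

# All values are constructed for illustration (RFC 5737 documentation ranges).
ANNOUNCED = ipaddress.ip_network("198.51.100.0/24")   # stand-in for the announced block
ALLOCATED = [ipaddress.ip_network(n) for n in ("198.51.100.0/26", "198.51.100.128/25")]
DARK_ADDRS = {ipaddress.ip_address(a) for a in ("198.51.100.13", "198.51.100.200")}
SWEEP_THRESHOLD = 3    # distinct unallocated destinations before blocking (assumed)
BLOCK_SECONDS = 3600   # how long a source stays blocked (assumed)

# Constructed edge log, one packet per line: "<unix_ts> <src> <dst>"
SAMPLE_LOG = """\
1000 203.0.113.7 198.51.100.5
1001 203.0.113.9 198.51.100.13
1002 192.0.2.44 198.51.100.70
1003 192.0.2.44 198.51.100.71
1004 192.0.2.44 198.51.100.72
1005 192.0.2.80 198.51.100.90
1006 203.0.113.9 198.51.100.5
truncated line
"""

def detect(lines):
    """Return {source: (reason, block_expiry_ts)} for sources to block."""
    blocked = {}
    unallocated_hits = defaultdict(set)
    for line in lines:
        try:
            ts_s, src_s, dst_s = line.split()
            ts, src, dst = int(ts_s), ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        except ValueError:
            continue  # malformed or truncated record
        if dst not in ANNOUNCED or src in ANNOUNCED:
            continue  # only inbound traffic from outside the network matters here
        if src_s in blocked and blocked[src_s][1] > ts:
            continue  # block still active: the edge would already drop this packet
        if dst in DARK_ADDRS:
            # One packet to an intentionally-dark address is enough to block.
            blocked[src_s] = ("dark-address", ts + BLOCK_SECONDS)
        elif not any(dst in net for net in ALLOCATED):
            # Unallocated space: block once a source has probed several addresses.
            unallocated_hits[src_s].add(dst)
            if len(unallocated_hits[src_s]) >= SWEEP_THRESHOLD:
                blocked[src_s] = ("unallocated-sweep", ts + BLOCK_SECONDS)
    return blocked

if __name__ == "__main__":
    for src, (reason, until) in detect(SAMPLE_LOG.splitlines()).items():
        print(f"block {src} until {until} ({reason})")
```

The single stray packet from 192.0.2.80 stays below the sweep threshold and is not blocked, which is the trade-off between the two triggers: the dark-address rule reacts to one packet, the unallocated-subnet rule tolerates occasional misdirected traffic.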