Re: Abuse reporting based on whois

From: Florian Weimer (fw_at_deneb.enyo.de)
Date: 05/22/04

  • Next message: fbsd_user: "RE: Abuse reporting based on whois" 
    To: fbsd_user@a1poweruser.com
Date: Sat, 22 May 2004 20:09:24 +0200

    * fbsd user:

    > My ipfilter firewall is blocking 35 to 150 un-solicited inbound
    > port packets per minute coming from all over the world. I have an
    > dynamic IP address assigned by my ISP, so I know the senders are
    > scanning an whole subnet range of IP address for the ports they are
    > interested in. I have to pay for this background packet noise in
    > bandwidth usage surcharges. I decided to research and try to build
    > an process to report this abuse to the ISP's who own the source IP
    > address that is scanning the whole subnet ranges of IP address I
    > belong to.

    A significant part of those scans have spoofed source addresses.
    Unless you complete a three-way handshake (for TCP scans only, of
    course) and thus validate the source address, your observations are
    probably not worth reporting. 

    -- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it,
libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
  • Next message: fbsd_user: "RE: Abuse reporting based on whois"