nfoservers.com is also one that reports, id be more inclined to follow up on those
We used to drop all but new/establised/related but ran into som issues with assymetric communication getting dropped On Tue, Apr 5, 2016 at 10:27 AM, Dennis Burgess <[email protected]> wrote: > Are you doing proper BCP 38 configuration, ensuring that you are not > spoofing IP addresses? > > > > *From:* Af [mailto:[email protected]] *On Behalf Of *Ken Hohhof > *Sent:* Tuesday, April 5, 2016 10:20 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] malicious activity reports > > > > Sure it isn’t security-database.com? > > > > In any case, a lot of DDoS traffic is from spoofed IPs, so alerting the > holder of the IP block probably isn’t very helpful. > > > > Are these customer or infrastructure IPs? If it was a server or router > IP, I might check to see if maybe I was being used in an amplification > attack. If it’s a customer IP, I wouldn’t just forward it to the customer > without more investigation. I have never heard of securitydatabase.com > before. I would pay more attention if the alert was coming from a > corporation, university, or government IT department that had some > credibility, or another ISP. > > > > > > *From:* Josh Reynolds <[email protected]> > > *Sent:* Tuesday, April 05, 2016 10:06 AM > > *To:* [email protected] > > *Subject:* Re: [AFMUG] malicious activity reports > > > > You weren't kidding... Wow. I'd buy that. > > Wait, what's the question again? :) > > On Apr 5, 2016 10:04 AM, "That One Guy /sarcasm" < > [email protected]> wrote: > > We have been receiving reports of our IPs being used in various malicious > activity (ddos and whatnot). > > securitydatabase.com is the primary sender of the notifications. Their > website is just some chic in a half shirt selling cheap security stuff, so > its suspect to me whether these are legitimate complaints I should forward > on to our customers > > > > -- > > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
