What is the connection between not spoofing IP addresses and reports of malicious activity from your own IPs, other than setting a good example and hoping the rest of the world follows suit?
From: That One Guy /sarcasm
Sent: Tuesday, April 05, 2016 10:49 AM
To: [email protected]
Subject: Re: [AFMUG] malicious activity reports

nfoservers.com is also one that reports, I'd be more inclined to follow up on those.

We used to drop all but new/established/related but ran into some issues with asymmetric communication getting dropped.

On Tue, Apr 5, 2016 at 10:27 AM, Dennis Burgess <[email protected]> wrote:

Are you doing proper BCP 38 configuration, ensuring that you are not spoofing IP addresses?

From: Af [mailto:[email protected]] On Behalf Of Ken Hohhof
Sent: Tuesday, April 5, 2016 10:20 AM
To: [email protected]
Subject: Re: [AFMUG] malicious activity reports

Sure it isn’t security-database.com?

In any case, a lot of DDoS traffic is from spoofed IPs, so alerting the holder of the IP block probably isn’t very helpful.

Are these customer or infrastructure IPs? If it was a server or router IP, I might check to see if maybe I was being used in an amplification attack. If it’s a customer IP, I wouldn’t just forward it to the customer without more investigation.

I have never heard of securitydatabase.com before. I would pay more attention if the alert was coming from a corporation, university, or government IT department that had some credibility, or another ISP.

From: Josh Reynolds
Sent: Tuesday, April 05, 2016 10:06 AM
To: [email protected]
Subject: Re: [AFMUG] malicious activity reports

You weren't kidding... Wow. I'd buy that.

Wait, what's the question again? :)

On Apr 5, 2016 10:04 AM, "That One Guy /sarcasm" <[email protected]> wrote:

We have been receiving reports of our IPs being used in various malicious activity (DDoS and whatnot). securitydatabase.com is the primary sender of the notifications.

Their website is just some chick in a half shirt selling cheap security stuff, so it's suspect to me whether these are legitimate complaints I should forward on to our customers.

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
