Date: Sat, 22 May 2004 20:09:24 +0200
From: Florian Weimer <fw@deneb.enyo.de>
To: fbsd_user@a1poweruser.com
Cc: "freebsd-isp@FreeBSD. ORG" <freebsd-isp@FreeBSD.ORG>
Subject: Re: Abuse reporting based on whois
Message-ID: <87r7tctju3.fsf@deneb.enyo.de>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGIEDMFPAA.fbsd_user@a1poweruser.com> (fbsd user's message of "Sat, 22 May 2004 11:39:00 -0400")
References: <MIEPLLIBMLEEABPDBIEGIEDMFPAA.fbsd_user@a1poweruser.com>
* fbsd user:

> My ipfilter firewall is blocking 35 to 150 unsolicited inbound
> port packets per minute coming from all over the world. I have a
> dynamic IP address assigned by my ISP, so I know the senders are
> scanning a whole subnet range of IP addresses for the ports they are
> interested in. I have to pay for this background packet noise in
> bandwidth usage surcharges. I decided to research and try to build
> a process to report this abuse to the ISPs who own the source IP
> address that is scanning the whole subnet ranges of IP addresses I
> belong to.

A significant part of those scans have spoofed source addresses.
Unless you complete a three-way handshake (for TCP scans only, of
course) and thus validate the source address, your observations are
probably not worth reporting.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it,
libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.
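
The check described in the reply above, as an added example that is not part of the original message: it keeps only the remote addresses that completed SYN / SYN-ACK / ACK with matching sequence numbers, which a spoofed sender cannot do because it never sees the SYN-ACK. The `Pkt` record, the addresses and the sample traffic are constructed, and it assumes something on the reporting host answers SYNs on the probed port.

```python
from collections import namedtuple

# Hypothetical record type; a real capture would be parsed into this shape.
Pkt = namedtuple("Pkt", "src dst sport dport flags seq ack")
MY_IP = "192.0.2.10"   # constructed local address (documentation range)
MOD = 2 ** 32          # TCP sequence numbers wrap at 32 bits


def validated_sources(packets, my_ip=MY_IP):
    """Return the remote IPs whose address was proven by a full handshake."""
    pending = {}       # (remote_ip, remote_port, local_port) -> (their_isn, our_isn)
    validated = set()
    for p in packets:
        if p.dst == my_ip:                      # inbound packet
            key = (p.src, p.sport, p.dport)
            if p.flags == "S":
                pending[key] = (p.seq, None)    # SYN seen, not yet answered
            elif p.flags == "A" and key in pending:
                their_isn, our_isn = pending[key]
                # The final ACK must acknowledge our ISN + 1; only a host that
                # really received our SYN-ACK knows that value.
                if (our_isn is not None
                        and p.ack == (our_isn + 1) % MOD
                        and p.seq == (their_isn + 1) % MOD):
                    validated.add(p.src)
                    del pending[key]
        elif p.src == my_ip and p.flags == "SA":  # our SYN-ACK going out
            key = (p.dst, p.dport, p.sport)
            if key in pending and p.ack == (pending[key][0] + 1) % MOD:
                pending[key] = (pending[key][0], p.seq)
    return validated


SAMPLE = [  # constructed traffic
    # 198.51.100.7 completes the handshake: address validated
    Pkt("198.51.100.7", MY_IP, 40000, 80, "S", 1000, 0),
    Pkt(MY_IP, "198.51.100.7", 80, 40000, "SA", 5000, 1001),
    Pkt("198.51.100.7", MY_IP, 40000, 80, "A", 1001, 5001),
    # 203.0.113.9 sends a SYN and never answers the SYN-ACK: not validated
    Pkt("203.0.113.9", MY_IP, 41000, 80, "S", 2000, 0),
    Pkt(MY_IP, "203.0.113.9", 80, 41000, "SA", 6000, 2001),
    # 203.0.113.50 sends an ACK that does not match our ISN: not validated
    Pkt("203.0.113.50", MY_IP, 42000, 80, "S", 3000, 0),
    Pkt(MY_IP, "203.0.113.50", 80, 42000, "SA", 7000, 3001),
    Pkt("203.0.113.50", MY_IP, 42000, 80, "A", 3001, 9999),
]

if __name__ == "__main__":
    print(sorted(validated_sources(SAMPLE)))
```
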
