Abuse reporting based on whois
Florian Weimer
fw at deneb.enyo.de
Sat May 22 11:10:02 PDT 2004
* fbsd user:
> My ipfilter firewall is blocking 35 to 150 un-solicited inbound
> port packets per minute coming from all over the world. I have an
> dynamic IP address assigned by my ISP, so I know the senders are
> scanning an whole subnet range of IP address for the ports they are
> interested in. I have to pay for this background packet noise in
> bandwidth usage surcharges. I decided to research and try to build
> an process to report this abuse to the ISP's who own the source IP
> address that is scanning the whole subnet ranges of IP address I
> belong to.
A significant part of those scans have spoofed source addresses.
Unless you complete a three-way handshake (for TCP scans only, of
course) and thus validate the source address, your observations are
probably not worth reporting.
--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it,
libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.
More information about the freebsd-isp
mailing list