North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Customer-facing ACLs

  • From: Adrian Chadd
  • Date: Mon Mar 10 10:44:47 2008

> >Do bots try brute force attacks on Telnet and FTP? All I see at my firewall
> >are SSH attacks and spam. But sure, if there's a lot of Telnet abuse block
> >23 too; I think it's used about as rarely by "normal" customers as SSH is.
> >
> Depending on the ip space I find FTP brute force attacks 10 times more 
> common than SSH attacks. There really isn't a blanket rule you can impose.
> On a different note, unless you clearly advertise that you're offering 
> filtered services I don't really find the practice ethical - and no a 
> tiny line in the TOS doesn't really cut it IMHO.
> That doesn't mean it can't be done, simply spin the imposed ACL as a 
> value-add and that your customers are now on a "safer internet".

Does anyone have any handy links to actual raw data and papers about this?

I'm sure we've all got our own personal datapoints to support automated
network probes but I'd prefer to stuff something slightly more concrete
and official(!) into the Wiki.