NonAgg Bogons Sufficient
-
For those that feel the nonagg bogons list is still sufficient, here is a bogon attempt at the SSH port that would not have been blocked by the nonagg list.
Jan 11 05:59:37 WAN 64.185.229.240:64439 d.d.d.d:22 TCP:S
Would rarely if ever get any blocked bogons with the nonagg list. But now with the full list it actually blocks something every once in a while.
-
Well, that's the problem. Not every IP will get blocklisted.
- 70% of people have DHCP
- 30% of people have Static
-
> Well, that's the problem. Not every IP will get blocklisted.
> - 70% of people have DHCP
> - 30% of people have Static
Forgive me. But huh?
-
What I'm trying to say is…
30% of people have static IPs and then 70% of people have dynamic IPs.
-
> For those that feel the nonagg bogons list is still sufficient, here is a bogon attempt at the SSH port that would not have been blocked by the nonagg list.
> Jan 11 05:59:37 WAN 64.185.229.240:64439 d.d.d.d:22 TCP:S
> Would rarely if ever get any blocked bogons with the nonagg list. But now with the full list it actually blocks something every once in a while.
And what is your point? IMHO the benefits of blocking a couple more ssh login attempts per day (btw in my case 90% of all ssh login attempts seem to come from compromised systems in data centers in US and EU) don't seem to outweigh the risk of blocking legitimate connections if you fail to update the full bogon-list…
On the other hand, if you had a popular system that was targeted with DoS attacks from bogon IPs, then it'd certainly be a good idea to use the full bogon list.
Just my 2 cents ...
-
Sure enough, ARIN shows non-allocated, but it's in the Internet routing table. In my BGP:
flags destination gateway lpref med aspath origin
64.185.229.0/24 x.x.x.x 100 0 27325 7459 3356 27431 i
It's AS 27431.
JTL Networks Inc.
240 N Fifth Street
Suite 210
Columbus OH
Looks like a legit company, my guess is one of their customers is being bad and they're announcing that space without realizing it.
I emailed their abuse with info.
-
Apparently their abuse department doesn't care.
Feb 2 22:39:07 WAN 64.185.229.239:50267 d.d.d.d:22 TCP:S
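
The comparison the thread argues about, as an added example that is not from any of the posters: it parses log lines in the format quoted above and reports which sources are covered only by a list that includes unallocated space. The prefix sets are assumptions: `RESERVED` is a constructed list of reserved ranges standing in for the short list, and `FULL` adds only the thread's 64.185.229.0/24.

```python
import ipaddress
import re

# Reserved ("martian") IPv4 space; a constructed stand-in for the short list.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
)]
# Assumption: the full list also carries unallocated space, represented here
# only by the /24 the thread found unallocated at ARIN.
FULL = RESERVED + [ipaddress.ip_network("64.185.229.0/24")]

# Log format quoted in the thread; the redacted destination is kept as text.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<iface>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) (?P<proto>\S+)$"
)

def match_prefix(ip, networks):
    """Return the most specific network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in networks if addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def classify(line):
    """Parse one log line and report which list, if any, covers its source."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    try:
        return {"src": m["src"], "dport": int(m["dport"]),
                "reserved": match_prefix(m["src"], RESERVED),
                "full": match_prefix(m["src"], FULL)}
    except ValueError:  # source is not a valid IPv4 address (octet > 255)
        return None

def only_full_list(lines):
    """Sources that the full list covers but the reserved-only list misses."""
    rows = [r for r in map(classify, lines) if r]
    return sorted({r["src"] for r in rows if r["full"] and not r["reserved"]})

SAMPLE = [
    "Jan 11 05:59:37 WAN 64.185.229.240:64439 d.d.d.d:22 TCP:S",  # from the thread
    "Feb 2 22:39:07 WAN 64.185.229.239:50267 d.d.d.d:22 TCP:S",   # from the thread
    "Feb 3 01:02:03 WAN 10.1.2.3:40000 d.d.d.d:22 TCP:S",         # constructed
    "Feb 3 01:02:04 WAN 198.51.100.7:40001 d.d.d.d:22 TCP:S",     # constructed
]
```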