On 3/31/2014 10:51 PM, Joe wrote:
I received several reports today regarding some scans for udp items from
shadowservers hosted out of H.E. Seems to claim to be checking for issues
regarding udp issues, amp issues, which I am all fine for, but my issue is
this. It trips several IDP/IPS traps pretty much causing issues that I have
to resolve. I have one user that is a home user (outside one of my /16)
that has seen this as well. Now with that said are these folks that do this
going to pay for one of my users that pay per bit for this? Does garbage in
to this really provide a garbage clean? I see they are planing on a bunch
of other protocols too, so that's nice.
If I was paying per bit I would probably want my ISP to rate limit and
firewall lots of traffic before it ever reached my pay-per-bit line.
Otherwise I would be paying for huge amounts of unsolicited traffic from
everywhere.
I'm not sure where to go with this other than to advise my other folks to
drop this traffic from their 184.105.139.64/26 networks and hope for the
best regarding my FAP folks.
Regards,
-Joe
If you're comfortable that your internal audits are accurate and what
these people are doing won't provide you any value, I don't see what
harm it would do to block them. Since they also have to worry about
botnet authors blocking their traffic, I imagine they might change IP
ranges after a while. You might complain to them directly and see if
they can add you to a do not poll list. It looks like they have a
couple of emails for issues listed here:
https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
