On Tue, Jan 02, 2018 at 11:35:14PM -0800, Troy Mursch wrote: > Back in September, I documented my poor experience with AS12876 here:
[snip] That AS has been originating brute-force attacks against ssh, pop, imap, etc. for at least four years (and likely longer, but I didn't have older logs handy). It's also a persistent high-volume source of spam. Its operators are either thoroughly incompetent or fully complicit; there's no way to tell from outside and operationally, it makes no difference. So at minimum I recommend blocking all connections from it to authenticated services and refusing all SMTP traffic from rev.poneytelecom.eu and rev.cloud.scaleway.com. ---rsk
