Basic unsolicited scan protection at Skhron

tentor Member, Patron Provider

The safety of our clients and the reliability of the provided services are absolute priorities for our team, hence we inform you about the release of an in-house solution to prevent malicious activity, also known as unauthorized reconnaissance, regarding our clients' services hosted by us.

The developed system consists of a bundle of the following modules:

  1. Software router - redirects traffic directed to an unused address space to a separate network segment containing a set of traps,
  2. TCP trap - logs each connection event,
  3. Log processor - analyzes meta-information of connections to the TCP trap (address and port of the source as well as the destination),
  4. Abuse complaint generator - accepts input from the log processor and notifies responsible parties about a security incident (developed by our technical team and freely available to all).

This architecture, although built using a number of standard and public modules, is quite unique because, unlike alternative approaches used by a number of large hosting providers, the proposed solution is resistant to IP spoofing attacks and therefore will not allow an attacker to forge cases of abuse.

In addition, the system includes a number of algorithms that prevent false positives in cases where a client, for example, has made an error when trying to connect to an existing server.
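A sketch of the log-processor stage described in the post above, added here as an illustration and not Skhron's own code. The log format, the `state` field and the `MIN_TARGETS` threshold are assumptions; only connections that completed the TCP handshake are counted, since a bare SYN can carry a forged source address.

```python
import ipaddress
from collections import defaultdict

# Constructed sample trap log (the format is an assumption for this example):
# timestamp src_ip src_port dst_ip dst_port state
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 198.51.100.7 40112 203.0.113.10 22 ESTABLISHED
2024-05-01T10:00:02Z 198.51.100.7 40113 203.0.113.11 22 ESTABLISHED
2024-05-01T10:00:03Z 198.51.100.7 40114 203.0.113.12 23 ESTABLISHED
2024-05-01T10:00:05Z 192.0.2.55 51000 203.0.113.20 443 ESTABLISHED
2024-05-01T10:00:06Z 192.0.2.55 51001 203.0.113.20 443 ESTABLISHED
2024-05-01T10:00:07Z 192.0.2.99 1234 203.0.113.30 80 SYN_ONLY
2024-05-01T10:00:07Z 192.0.2.99 1235 203.0.113.31 80 SYN_ONLY
2024-05-01T10:00:07Z 192.0.2.99 1236 203.0.113.32 80 SYN_ONLY
malformed line
"""

MIN_TARGETS = 3  # hypothetical threshold: distinct (dst_ip, dst_port) pairs


def parse_line(line):
    """Return (ts, src, dst, dport, state) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, state = parts
    try:
        return ts, str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)), int(dport), state
    except ValueError:
        return None


def find_scanners(log_text, min_targets=MIN_TARGETS):
    """Map source IP -> sorted trap targets, for sources worth reporting."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        _ts, src, dst, dport, state = event
        # Only a completed handshake proves the source address is real;
        # a bare SYN could carry a forged source and must not produce a report.
        if state != "ESTABLISHED":
            continue
        targets[src].add((dst, dport))
    # A source that hit one trap address (even repeatedly) looks like a typo
    # or stale DNS entry rather than a sweep, so it stays below the threshold.
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}
```

On the constructed sample, only 198.51.100.7 is returned: 192.0.2.55 retried a single address, and 192.0.2.99 never completed a handshake.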

Comments

  • yoursunny Member, IPv6 Advocate

    I'm announcing three /44 subnets but only six /48 subnets are in use.
    Can I forward the unused address space traffic to your network segment remotely, to help you collect abuse patterns?
    You can be my BGP downstream over IP6GRE tunnel.

  • tentor Member, Patron Provider

    @yoursunny said:
    I'm announcing three /44 subnets but only six /48 subnets are in use.
    Can I forward the unused address space traffic to your network segment remotely, to help you collect abuse patterns?
    You can be my BGP downstream over IP6GRE tunnel.

    Unfortunately, we are not yet able to announce networks on our own; however, we are working on it.

    If you wish, I can provide you with more technical information on how you can set up the same on your premises.

    Although, as far as I can see from our networks, there is low to no bot traffic on IPv6 - I have only seen a few researchers so far, and they all rely on some kind of heuristics like ipv6hitlist.github.io - so I doubt there will be any traffic at idle IPv6 blocks.
