What to do if ISP rejects Abuse Reports?
Hello,

my systems get attacked from several IPs from Georgia (Countrycode=GE, RIR=RIPE). My Abuse Reports to the abuse address (ib@caucasus.net) of the responsible ISP for the attacker IPs (caucasus.net) just bounce:

    #ID: <SCC9B>
    #Mail From: <security@mutluit.com>
    #Rcpt To: <ib@caucasus.net>
    #Server: <mail.caucasus.net> [62.168.168.131]
    #
    #[<02>] The reason of the delivery failure was:
    #
    #550 5.7.1 <security@mutluit.com>: Sender address rejected: Blocked by postmaster

What to do in this case?
On 14/Jan/12 14:19, U.Mutlu wrote:
> my systems get attacked from several IPs from Georgia (Countrycode=GE, RIR=RIPE). My Abuse Reports to the abuse address (ib@caucasus.net) of the responsible ISP for the attacker IPs (caucasus.net) just bounce:
>
> #ID: <SCC9B>
> #Mail From: <security@mutluit.com>
> #Rcpt To: <ib@caucasus.net>
> #Server: <mail.caucasus.net> [62.168.168.131]

Only found it on http://www.backscatterer.org/?ip=62.168.168.131

> #[<02>] The reason of the delivery failure was:
> #
> #550 5.7.1 <security@mutluit.com>: Sender address rejected: Blocked by postmaster
>
> What to do in this case?

What I do is to ban the offending IP address for some months, using a firewall filter. I try to notify that I do so to <postmaster> at that address if it listens on port 25, or to any *-c of that network. Is this the recommended procedure?

Participants (2): Alessandro Vesely, U.Mutlu
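
The bounce quoted in the thread carries enough information to tell a policy refusal of the sender apart from a dead mailbox. The following is an added example, not part of either post: it parses the `#`-prefixed bounce format shown above and sorts the SMTP reply by its RFC 3463 enhanced status class. The category labels and function names are assumptions made for this example.

```python
import re

# Bounce text as quoted in the thread above.
PAGE_BOUNCE = """\
#ID: <SCC9B>
#Mail From: <security@mutluit.com>
#Rcpt To: <ib@caucasus.net>
#Server: <mail.caucasus.net> [62.168.168.131]
#
#[<02>] The reason of the delivery failure was:
#
#550 5.7.1 <security@mutluit.com>: Sender address rejected: Blocked by postmaster
"""

FIELD_RE = re.compile(r"^#(ID|Mail From|Rcpt To|Server):\s*<([^>]*)>(?:\s*\[([0-9.]+)\])?")
REPLY_RE = re.compile(r"^#([245]\d{2})\s+(\d\.\d{1,3}\.\d{1,3})\s+(.*)$")

def parse_bounce(text):
    """Extract the '#'-prefixed fields and the SMTP reply line from a bounce."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        m = FIELD_RE.match(line)
        if m:
            info[m.group(1)] = m.group(2)
            if m.group(3):
                info["Server IP"] = m.group(3)
            continue
        m = REPLY_RE.match(line)
        if m:
            info["code"], info["enhanced"], info["text"] = m.groups()
    return info

def triage(info):
    """Map the reply to a category (hypothetical labels) using RFC 3463 classes."""
    code, enh = info.get("code", ""), info.get("enhanced", "")
    if not code:
        return "unparsed"
    if code.startswith("4"):
        return "temporary"          # 4xx: transient, retry later
    if enh.startswith("5.7."):
        return "policy-refused"     # X.7.x: security or policy status
    if enh.startswith("5.1."):
        return "bad-address"        # X.1.x: addressing status
    return "permanent-other"

if __name__ == "__main__":
    parsed = parse_bounce(PAGE_BOUNCE)
    print(parsed["Server"], parsed["code"], parsed["enhanced"], triage(parsed))
```

For the bounce in this thread the result is `policy-refused`: the server refused the sender address on policy grounds, which says nothing about whether the recipient mailbox exists.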