Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Reporting SSH abuse

From: Dan Lynch <DLynch () placer ca gov>
Date: Tue, 9 Mar 2010 15:08:55 -0800
I could swear I once read an "authoritative" source doc on this subject, maybe an RFC (Site Security Handbook?), or 
something from CERT. But I can't seem to dig it up. Anyone?

Here's what I did find:

Going to the Source: Reporting Security Incidents to ISPs (2002)
http://www.securityfocus.com/infocus/1555

And a most-excellent write up "Composing abuse reports" (2007)
http://blog.anta.net/2007/04/18/composing-abuse-reports/



Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA 



-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Dan Pilcheck
Sent: Tuesday, March 09, 2010 10:37 AM
To: security-basics () securityfocus com
Subject: Reporting SSH abuse

Hello list,

I've been getting a slew of SSH brute forces coming from a university
inside the US over the
past week. Normally I wouldn't even bother with reporting, but I
figured this would be a
chance to clear this up.

Fail2ban bans for 10 hours, and then the login attempts area right
back at it. Repeat.

An email with associated logs, and perhaps a little info from this
side is the best I can come
up with. I suppose there's not much else to report, though.

Is there a 'standard' format to report ssh abuse? Like there is with
vuln reporting?

IMO, I doubt anything will happen, but if it were coming from my
network, I'd like a notification.


-- 
Who is to say that the next step in evolution is not a statistical
chance but rather a by-product of our own will? That from here on out,
nature stops deciding who survives and who doesn't, but our own
decisions?

--------------------------------------------------------------
----------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who 
needs an SSL certificate.  We look at how SSL works, how it 
benefits your company and how your customers can tell if a 
site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache 
web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management 
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;
e13b6be442f727d1
--------------------------------------------------------------
----------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: