Security Incidents mailing list archives
Re: SSH probe attack afoot?
From: Tim <tim-forensics () sentinelchicken org>
Date: Tue, 8 Feb 2005 10:45:24 -0500
Just curious here, after finding out where the IP addresses come from, do you go ahead and send an abuse complaint to each one of them?
Yes, this can actually be effective in this instance... For the typical windoze box hitting you with SMB attacks, it isn't worth the time. But for a *ix attack coming from another *ix system, there's usually more at stake for the person's system who was compromised, and is now attacking you.

After a long string of these brute force attacks on my system, from a particular IP, I got fed up and did some research. Found out it was coming from a RedHat box running an ISP's DNS. I notified them and they quickly took the system offline, and apologized. =)

tim