Date: Thu, 19 Feb 2009 14:36:26 -0600
From: Andrew Gould <andrewlylegould@gmail.com>
To: GESBBB <gesbbb@yahoo.com>
Cc: FreeBSD Users Questions <freebsd-questions@freebsd.org>
Subject: Re: off topic: reporting attempts to access computers
Message-ID: <d356c5630902191236s744621e5m1bc846ad4e01edcf@mail.gmail.com>
In-Reply-To: <428745.19949.qm@web32102.mail.mud.yahoo.com>
References: <d356c5630902191000n16c3d3a0md98c4246a5ff2c79@mail.gmail.com> <428745.19949.qm@web32102.mail.mud.yahoo.com>

On Thu, Feb 19, 2009 at 2:01 PM, GESBBB <gesbbb@yahoo.com> wrote:

> > From: Andrew Gould andrewlylegould@gmail.com
> >
> > What information should I send to an abuse@* address when reporting a
> > break-in attempt?
> >
> > My logs show a dictionary attack of invalid user names against port 22. I
> > obtained an abuse@* email address using 'whois' and reported the beginning
> > and ending date/times and the originating IP address.
> >
> > Is there any other information I need to send? Is there someone else I
> > should notify?
> >
> > Most of the attacks I receive are from other continents, so I just block the
> > network range found via 'whois'. In this case, the IP address is fairly
> > local, so I'm hesitant to block the entire range.
>
> There are some applications that you might want to install that can help.
> Personally, I have found reporting the abuse virtually useless. I used to
> just include the entire log with the data that pertained to the user in
> question; however, that just proved a waste of time.
>
> If you are using 'passwords' to access your account, you might want to
> consider using certificates instead. That is far safer than using a password
> that eventually can be cracked.
>
> --
> Jerry
>

Yes, it's probably time to move to certificates. Thanks for the suggestion.

Andrew
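
Added example, not part of the original thread: a short Python script that condenses sshd "Invalid user" log lines into the per-source summary the first message describes sending to an abuse@ address (originating IP, first and last date/time), plus attempt counts. The sample log lines, the addresses, the timezone label and the min_attempts threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the syslog format sshd uses; addresses are from
# the RFC 5737 documentation ranges, not from the original message.
SAMPLE_LOG = """\
Feb 19 09:14:02 host sshd[4121]: Invalid user admin from 203.0.113.45
Feb 19 09:14:05 host sshd[4123]: Invalid user test from 203.0.113.45
Feb 19 09:14:09 host sshd[4125]: Invalid user oracle from 203.0.113.45 port 51514
Feb 19 09:20:41 host sshd[4130]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Feb 19 09:31:57 host sshd[4140]: Invalid user guest from 198.51.100.7
Feb 19 11:02:30 host sshd[4188]: Invalid user admin from 203.0.113.45
"""

# Matches only sshd "Invalid user" lines; the trailing "port N" is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S*) from (?P<ip>[0-9A-Fa-f.:]+)"
)

def summarize(log_text, year):
    """Group invalid-user attempts by source IP. Syslog omits the year."""
    by_ip = defaultdict(lambda: {"times": [], "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            by_ip[m["ip"]]["times"].append(ts)
            by_ip[m["ip"]]["users"].add(m["user"])
    return by_ip

def abuse_report(log_text, year, tz, min_attempts=3):
    """Return one plain-text paragraph per IP with at least min_attempts."""
    out = []
    for ip, e in sorted(summarize(log_text, year).items()):
        if len(e["times"]) < min_attempts:
            continue  # skip sources with too few attempts to be worth reporting
        out.append(
            f"Source IP: {ip}\n"
            f"Target: TCP port 22 (sshd)\n"
            f"First attempt: {min(e['times']):%Y-%m-%d %H:%M:%S} {tz}\n"
            f"Last attempt: {max(e['times']):%Y-%m-%d %H:%M:%S} {tz}\n"
            f"Attempts: {len(e['times'])} invalid user names "
            f"({len(e['users'])} distinct)\n"
        )
    return "\n".join(out)

if __name__ == "__main__":
    print(abuse_report(SAMPLE_LOG, 2009, "UTC-0600"))
```

The timezone label is passed in explicitly because syslog timestamps carry neither a year nor an offset, and the recipient needs both to match the times against their own records.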