From: Bigby Findrake
To: Robert Huff
Cc: questions@freebsd.org
Date: Wed, 3 May 2006 16:20:01 -0700 (PDT)
Subject: Re: Semi-OT: responding to attempted breakins

On Wed, 3 May 2006, Robert Huff wrote:

> As a result of installing new bits on
> my system, and paying
> attention to old ones, I've noticed several attempted break-ins
> which I currently believe have been unsuccessful.
> As I have the appropriate log files, I'd like to contact the
> administrators and ISPs for the systems involved. Can someone
> recommend a good response boilerplate - something that's concise,
> informative, professional, friendly, and yet firm?

I've been pretty religious about "responsible reporting" for about 6 months now, reporting all ssh (and recently FTP) attacks to the originating ISP.

If I may, allow me to infer from your desire to be "firm" that you would like to cause the behaviour to stop, and to give you a piece of advice. I believe that you will be very unhappy if you are reporting for that reason. The attacks, probes, tests, attempts - all of them - aren't going to stop, except by filtering those packets out through one mechanism (a firewall) or another (disconnecting your 'net connection). You will end up bailing water with a teaspoon.

/-------------------------------------------------------------------------/
He's the kind of guy, that, well, if you were ever in a jam he'd
be there ... with two slices of bread and some chunky peanut butter.

finger://bigby@ephemeron.org
http://www.ephemeron.org/~bigby/
irc://irc.ephemeron.org/#the_pub
news://news.ephemeron.org/alt.lemurs
/-------------------------------------------------------------------------/