Date: Thu, 19 Feb 2009 12:01:16 -0800 (PST) From: GESBBB <gesbbb@yahoo.com> To: FreeBSD Users Questions <freebsd-questions@freebsd.org> Subject: Re: off topic: reporting attempts to access computers Message-ID: <428745.19949.qm@web32102.mail.mud.yahoo.com> References: <d356c5630902191000n16c3d3a0md98c4246a5ff2c79@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Andrew Gould andrewlylegould@gmail.com=0A> =0A> What information sh= ould I send to an abuse@* address when reporting a=0A> break-in attempt?=0A= > =0A> My logs show a dictionary attack of invalid user names against port = 22.=A0 I=0A> obtained an abuse@* email address using 'whois' and reported t= he beginning=0A> and ending date/times and the originating IP address.=0A> = =0A> Is there any other information I need to send?=A0 Is there someone els= e I=0A> should notify?=0A> =0A> Most of the attacks I receive are from othe= r continents, so I just block the=0A> network range found via 'whois'.=A0 I= n this case, the IP address is fairly=0A> local, so I'm hesitant to block t= he entire range.=0A=0AThere are some applications that you might want to in= stall that can help. Personally, I have found reporting the abuse virtually= useless. I use to just include the entire log with the data that pertained= to the user in question; however, that just proved a waste of time.=0A=0AI= f you are using 'passwords' to access your account, you might want to consi= der using certificates instead. That is far safer than using a password tha= t eventually can be cracked.=0A=0A-- =0AJerry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?428745.19949.qm>