Re: Reporting SSH abuse

[Liquid <liquid () gh0st net>]

Dan Pilcheck wrote:
> Hello list,
>
> I've been getting a slew of SSH brute forces coming from a university
> inside the US over the
> past week. Normally I wouldn't even bother with reporting, but I
> figured this would be a
> chance to clear this up.
>
> Fail2ban bans for 10 hours, and then the login attempts area right
> back at it. Repeat.
>
> An email with associated logs, and perhaps a little info from this
> side is the best I can come
> up with. I suppose there's not much else to report, though.
>
> Is there a 'standard' format to report ssh abuse? Like there is with
> vuln reporting?
>
> IMO, I doubt anything will happen, but if it were coming from my
> network, I'd like a notification.
>
>
>   
Dan,

Honestly thats more than enough. I've had client sites that were doing 
the same and the notifications were more than ample to at least look 
into it. A nice note to the person should work, we had a couple in the 
past where the admin was a complete jerk in letting us know. So 
personally I'd recommend a screenshot of a log and perhaps just listing 
the IP and what its hammering against. (ssh in this case). Hope this helps!

-L

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------