Re: Reporting SSH abuse

[Feeyo|NixDevs <feeyo () nixdevs com>]

Hello,

Yes we always send an notification to the isp owning that ip address.
Most of the times the servers doing an ssh bruteforce attack on others
are hacked/infected.
Best thing to do is send an email to abuse@ISP and attach the logs.

Regards,

On 3/10/2010 12:08 AM, Dan Lynch wrote:
> I could swear I once read an "authoritative" source doc on this subject, maybe an RFC (Site Security Handbook?), or 
> something from CERT. But I can't seem to dig it up. Anyone?
>
> Here's what I did find:
>
> Going to the Source: Reporting Security Incidents to ISPs (2002)
> http://www.securityfocus.com/infocus/1555
>
> And a most-excellent write up "Composing abuse reports" (2007)
> http://blog.anta.net/2007/04/18/composing-abuse-reports/
>
>
>
> Dan Lynch, CISSP
> Information Technology Analyst
> County of Placer
> Auburn, CA 
>
>
>   
> > -----Original Message-----
> > From: listbounce () securityfocus com 
> > [mailto:listbounce () securityfocus com] On Behalf Of Dan Pilcheck
> > Sent: Tuesday, March 09, 2010 10:37 AM
> > To: security-basics () securityfocus com
> > Subject: Reporting SSH abuse
> >
> > Hello list,
> >
> > I've been getting a slew of SSH brute forces coming from a university
> > inside the US over the
> > past week. Normally I wouldn't even bother with reporting, but I
> > figured this would be a
> > chance to clear this up.
> >
> > Fail2ban bans for 10 hours, and then the login attempts area right
> > back at it. Repeat.
> >
> > An email with associated logs, and perhaps a little info from this
> > side is the best I can come
> > up with. I suppose there's not much else to report, though.
> >
> > Is there a 'standard' format to report ssh abuse? Like there is with
> > vuln reporting?
> >
> > IMO, I doubt anything will happen, but if it were coming from my
> > network, I'd like a notification.
> >
> >
> > -- 
> > Who is to say that the next step in evolution is not a statistical
> > chance but rather a by-product of our own will? That from here on out,
> > nature stops deciding who survives and who doesn't, but our own
> > decisions?
> >
> > --------------------------------------------------------------
> > ----------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who 
> > needs an SSL certificate.  We look at how SSL works, how it 
> > benefits your company and how your customers can tell if a 
> > site is secure. You will find out how to test, purchase, 
> > install and use a thawte Digital Certificate on your Apache 
> > web server. Throughout, best practices for set-up are 
> > highlighted to help you ensure efficient ongoing management 
> > of your encryption keys and digital certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;
> > e13b6be442f727d1
> > --------------------------------------------------------------
> > ----------
> >
> >
> >     
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
>   


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------