Security Basics mailing list archives
Re: Reporting SSH abuse
From: Feeyo|NixDevs <feeyo () nixdevs com>
Date: Thu, 11 Mar 2010 06:17:58 +0100
Hello,

Yes, we always send a notification to the ISP owning that IP address. Most of the time the servers doing an SSH brute-force attack on others are hacked/infected.

Best thing to do is send an email to abuse@ISP and attach the logs.

Regards,

On 3/10/2010 12:08 AM, Dan Lynch wrote:
I could swear I once read an "authoritative" source doc on this subject, maybe an RFC (Site Security Handbook?), or something from CERT. But I can't seem to dig it up. Anyone?

Here's what I did find:

Going to the Source: Reporting Security Incidents to ISPs (2002)
http://www.securityfocus.com/infocus/1555

And a most-excellent write up "Composing abuse reports" (2007)
http://blog.anta.net/2007/04/18/composing-abuse-reports/

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dan Pilcheck
Sent: Tuesday, March 09, 2010 10:37 AM
To: security-basics () securityfocus com
Subject: Reporting SSH abuse

Hello list,

I've been getting a slew of SSH brute forces coming from a university inside the US over the past week. Normally I wouldn't even bother with reporting, but I figured this would be a chance to clear this up. Fail2ban bans for 10 hours, and then the login attempts are right back at it. Repeat.

An email with associated logs, and perhaps a little info from this side is the best I can come up with. I suppose there's not much else to report, though. Is there a 'standard' format to report ssh abuse? Like there is with vuln reporting?

IMO, I doubt anything will happen, but if it were coming from my network, I'd like a notification.

--
Who is to say that the next step in evolution is not a statistical chance but rather a by-product of our own will? That from here on out, nature stops deciding who survives and who doesn't, but our own decisions?
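Added example, not part of the original thread: one way to turn sshd log lines into the kind of report the thread describes (source IP, time window, attempt count, raw log excerpt) before mailing it to the ISP's abuse contact. It assumes OpenSSH's "Failed password" syslog format; the sample lines, the function names and `host.example.org` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample sshd lines; the addresses are from documentation ranges.
SAMPLE_LOG = """\
Mar  9 10:31:02 host sshd[4121]: Failed password for root from 203.0.113.45 port 51812 ssh2
Mar  9 10:31:05 host sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 51812 ssh2
Mar  9 10:31:09 host sshd[4130]: Accepted publickey for dan from 198.51.100.7 port 40022 ssh2
Mar  9 20:45:40 host sshd[5210]: Failed password for invalid user test from 203.0.113.45 port 38011 ssh2
Mar  9 20:46:01 host sshd[5233]: Failed password for root from 198.51.100.99 port 2200 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failed_by_source(log_text, year, tz=timezone.utc):
    """Group failed-password lines by source IP.
    Classic syslog timestamps carry no year or zone, so the caller supplies both."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append((ts.replace(tzinfo=tz), m["user"], line))
    return hits

def abuse_report(ip, events, reporter_host):
    """Plain-text report body: summary fields first, unmodified log lines after."""
    events = sorted(events)
    users = sorted({user for _, user, _ in events})
    body = [
        f"Subject: SSH brute-force attempts from {ip}",
        "",
        f"Source IP:    {ip}",
        f"Target:       {reporter_host} (tcp/22)",
        f"First seen:   {events[0][0].isoformat()}",
        f"Last seen:    {events[-1][0].isoformat()}",
        f"Attempts:     {len(events)}",
        f"Usernames:    {', '.join(users)}",
        "",
        "Log excerpt (same time zone as the timestamps above):",
    ]
    return "\n".join(body + [raw for _, _, raw in events])
```

Stating the time zone explicitly matters because the receiving ISP has to match the timestamps against its own DHCP or NAT records.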