Security Incidents mailing list archives

Re: SSH probe attack afoot?


From: Tim <tim-forensics () sentinelchicken org>
Date: Tue, 8 Feb 2005 10:45:24 -0500

Just curious here, after finding out where the IP addresses come from,
do you go ahead and send an abuse complaint to each one of them?

Yes, this can actually be effective in this instance...  For the typical
windoze box hitting you with SMB attacks, it isn't worth the time.  But
for a *ix attack coming from another *ix system, there's usually more at
stake for the person's system who was compromised, and is now attacking
you. 

After a long string of these brute force attacks on my system, from a
particular IP, I got fed up and did some research.  Found out it was
coming from a RedHat box running an ISP's DNS.  I notified them and they
quickly took the system offline, and apologized. =)

tim

