nanog mailing list archives

Re: Automatic abuse reports

From: Daniël W. Crompton <daniel.crompton () gmail com>
Date: Wed, 13 Nov 2013 01:15:13 +0100

On 12 November 2013 22:52, Sam Moats <sam () circlenet us> wrote:

We used to use a small perl script called tattle that would parse out the
/var/log/secure on our *nix boxes, isolate the inbound ssh exploits, lookup
the proper abuse contacts and report them. I haven't seen anything similar
in years but it would be interesting to do more than null route IPs.



We also used to have a script which did something similar but for more than
just inbound ssh, for the most part this was ineffective.

D.


blaze your trail

-- 
Daniël W. Crompton <daniel.crompton () gmail com>

<http://specialbrands.net/>

<http://specialbrands.net/>
http://specialbrands.net/

       <http://twitter.com/webhat>
<http://www.facebook.com/webhat><http://plancast.com/webhat><http://www.linkedin.com/in/redhat>

Current thread:

Automatic abuse reports Jonas Björklund (Nov 12)
- Re: Automatic abuse reports Sam Moats (Nov 12)
  - Re: Automatic abuse reports Daniël W . Crompton (Nov 12)
  - Re: Automatic abuse reports William Herrin (Nov 12)
    - Re: Automatic abuse reports Sam Moats (Nov 12)
    - Re: Automatic abuse reports William Herrin (Nov 12)
    - Re: Automatic abuse reports Brandon Galbraith (Nov 12)
    - Re: Automatic abuse reports joel jaeggli (Nov 12)
- Re: Automatic abuse reports Jeroen Massar (Nov 12)
- Re: Automatic abuse reports Randy Bush (Nov 12)
- Re: Automatic abuse reports Curtis, Bruce (Nov 13)
- <Possible follow-ups>
- Re: Automatic abuse reports Hal Murray (Nov 12)
  - Re: Automatic abuse reports Sam Moats (Nov 13)

(Thread continues...)