off topic: reporting attempts to access computers
GESBBB
gesbbb at yahoo.com
Thu Feb 19 12:01:17 PST 2009
> From: Andrew Gould andrewlylegould at gmail.com
>
> What information should I send to an abuse@* address when reporting a
> break-in attempt?
>
> My logs show a dictionary attack of invalid user names against port 22. I
> obtained an abuse@* email address using 'whois' and reported the beginning
> and ending date/times and the originating IP address.
>
> Is there any other information I need to send? Is there someone else I
> should notify?
>
> Most of the attacks I receive are from other continents, so I just block the
> network range found via 'whois'. In this case, the IP address is fairly
> local, so I'm hesitant to block the entire range.
There are some applications that you might want to install that can help. Personally, I have found reporting the abuse virtually useless. I use to just include the entire log with the data that pertained to the user in question; however, that just proved a waste of time.
If you are using 'passwords' to access your account, you might want to consider using certificates instead. That is far safer than using a password that eventually can be cracked.
--
Jerry
More information about the freebsd-questions
mailing list