Semi-OT: responding to attempted breakins
Bigby Findrake
bigby at ephemeron.org
Wed May 3 23:19:29 UTC 2006
On Wed, 3 May 2006, Robert Huff wrote:
>
> As a result of installing new bits on my system, and paying
> attention to old ones, I've noticed several attempted break-ins
> which I currently believe have been unsucessful.
> As I have the appropriate log files, I'd like to contact the
> administrators and ISPs for the systems involved. Can someone
> recommend a good response boilerplate - something that's concise,
> informative, professional, friendly, and yet firm?
I've been pretty religious about "responsible reporting" for about 6
months now, reporting all ssh (and recently FTP) attacks to the
originating ISP.
If I may, allow me to infer from your desire to be "firm" that you would
like to cause the behaviour stop, and to give you a piece of advice. I
believe that you will be very unhappy if you are reporting for that
reason. The attacks, probes, tests, attempts - all of them - aren't going
to stop, except by filtering those packets out through one mechanism (a
firewall) or another (disconnecting your 'net connection). You will end
up bailing water with a teaspoon.
/-------------------------------------------------------------------------/
He's the kind of guy, that, well, if you were ever in a jam he'd be
there ... with two slices of bread and some chunky peanut butter.
finger://bigby@ephemeron.org
http://www.ephemeron.org/~bigby/
irc://irc.ephemeron.org/#the_pub
news://news.ephemeron.org/alt.lemurs
/-------------------------------------------------------------------------/
More information about the freebsd-questions
mailing list