off topic: reporting attempts to access computers
Andrew Gould
andrewlylegould at gmail.com
Thu Feb 19 10:00:47 PST 2009
What information should I send to an abuse@* address when reporting a
break-in attempt?
My logs show a dictionary attack of invalid user names against port 22. I
obtained an abuse@* email address using 'whois' and reported the beginning
and ending date/times and the originating IP address.
Is there any other information I need to send? Is there someone else I
should notify?
Most of the attacks I receive are from other continents, so I just block the
network range found via 'whois'. In this case, the IP address is fairly
local, so I'm hesitant to block the entire range.
Thanks,
Andrew
More information about the freebsd-questions
mailing list