off topic: reporting attempts to access computers

Andrew Gould andrewlylegould at gmail.com
Thu Feb 19 12:36:28 PST 2009


On Thu, Feb 19, 2009 at 2:01 PM, GESBBB <gesbbb at yahoo.com> wrote:

> > From: Andrew Gould andrewlylegould at gmail.com
> >
> > What information should I send to an abuse@* address when reporting a
> > break-in attempt?
> >
> > My logs show a dictionary attack of invalid user names against port 22. I
> > obtained an abuse@* email address using 'whois' and reported the beginning
> > and ending date/times and the originating IP address.
> >
> > Is there any other information I need to send?  Is there someone else I
> > should notify?
> >
> > Most of the attacks I receive are from other continents, so I just block the
> > network range found via 'whois'.  In this case, the IP address is fairly
> > local, so I'm hesitant to block the entire range.
>
> There are some applications that you might want to install that can help.
> Personally, I have found reporting the abuse virtually useless. I used to
> just include the entire log with the data that pertained to the user in
> question; however, that just proved a waste of time.
>
> If you are using 'passwords' to access your account, you might want to
> consider using certificates instead. That is far safer than using a password
> that eventually can be cracked.
>
> --
> Jerry
>

Yes, it's probably time to move to certificates.  Thanks for the suggestion.

Andrew
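
An added example, not part of the original thread: a Python sketch that pulls the "Invalid user" lines out of an sshd log and builds, per source IP, the details discussed above (first and last date/time, originating IP, and the matching log lines). The log lines are constructed samples, and the function names and the `year` and `tz` parameters are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the syslog format sshd writes; IPs are documentation ranges.
SAMPLE_LOG = """\
Feb 19 03:12:45 host sshd[1201]: Invalid user admin from 203.0.113.5
Feb 19 03:12:47 host sshd[1203]: Invalid user test from 203.0.113.5
Feb 19 03:40:02 host sshd[1302]: Accepted publickey for andrew from 192.0.2.10 port 50514 ssh2
Feb 19 04:01:09 host sshd[1410]: Invalid user guest from 198.51.100.23
Feb 19 04:55:31 host sshd[1522]: Invalid user admin from 203.0.113.5
"""

INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Invalid user (?P<user>\S*) from (?P<ip>\S+)"
)

def summarize(log_text, year):
    """Group 'Invalid user' lines by source IP.

    Syslog timestamps omit the year, so the caller supplies it
    (assumption: the log does not cross a year boundary).
    """
    by_ip = defaultdict(lambda: {"times": [], "users": set(), "lines": []})
    for line in log_text.splitlines():
        m = INVALID_USER.match(line)
        if m is None:
            continue  # successful logins and other daemons are not evidence
        entry = by_ip[m["ip"]]
        entry["times"].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
        entry["users"].add(m["user"])
        entry["lines"].append(line)
    return dict(by_ip)

def abuse_report(ip, entry, tz):
    """Plain-text body for one source IP; tz is the log host's zone, e.g. 'UTC-0600'."""
    first, last = min(entry["times"]), max(entry["times"])
    header = [
        f"Source IP: {ip}",
        "Target: sshd, TCP port 22",
        f"First attempt: {first:%Y-%m-%d %H:%M:%S} {tz}",
        f"Last attempt: {last:%Y-%m-%d %H:%M:%S} {tz}",
        f"Attempts: {len(entry['times'])} using {len(entry['users'])} distinct user names",
        "Log excerpt:",
    ]
    return "\n".join(header + entry["lines"])

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG, 2009).items():
        print(abuse_report(ip, entry, "UTC-0600"), end="\n\n")
```

Stating the time zone next to each timestamp lets the recipient match the report against their own connection records.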


More information about the freebsd-questions mailing list