Re: off topic: reporting attempts to access computers



On Thu, Feb 19, 2009 at 2:01 PM, GESBBB <gesbbb@xxxxxxxxx> wrote:

From: Andrew Gould andrewlylegould@xxxxxxxxx

What information should I send to an abuse@* address when reporting a
break-in attempt?

My logs show a dictionary attack of invalid user names against port 22. I
obtained an abuse@* email address using 'whois' and reported the beginning
and ending date/times and the originating IP address.

Is there any other information I need to send? Is there someone else I
should notify?

Most of the attacks I receive are from other continents, so I just block the
network range found via 'whois'. In this case, the IP address is fairly
local, so I'm hesitant to block the entire range.

There are some applications that you might want to install that can help.
Personally, I have found reporting the abuse virtually useless. I used to
just include the entire log with the data that pertained to the user in
question; however, that just proved a waste of time.

If you are using 'passwords' to access your account, you might want to
consider using certificates instead. That is far safer than using a password
that eventually can be cracked.

--
Jerry


Yes, it's probably time to move to certificates. Thanks for the suggestion.

Andrew
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
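
Added example, not part of the original thread: a small Python script that pulls the details discussed above (originating IP, first and last date/time, plus the matching log lines) out of sshd log entries for an abuse@ report. It assumes OpenSSH's "Invalid user NAME from ADDRESS" syslog message; the log lines are constructed samples, the function names are hypothetical, and the year and time-zone label are supplied by the caller because syslog timestamps carry neither.

```python
import re
from datetime import datetime

# Constructed sample in classic BSD syslog format (not from the thread).
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = """\
Feb 19 03:12:45 myhost sshd[4121]: Invalid user admin from 203.0.113.5
Feb 19 03:12:47 myhost sshd[4123]: Invalid user test from 203.0.113.5
Feb 19 03:12:50 myhost sshd[4125]: Accepted publickey for andrew from 192.0.2.10 port 50022 ssh2
Feb 19 03:13:02 myhost sshd[4127]: Invalid user oracle from 203.0.113.5
Feb 19 04:40:11 myhost sshd[4310]: Invalid user guest from 198.51.100.77
"""

# Timestamp, hostname, sshd[pid], then the invalid-user message (IPv4 or IPv6 source).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user \S* from (?P<ip>[0-9A-Fa-f:.]+)"
)

def summarize(log_text, year):
    """Group 'Invalid user' lines by source IP with first/last time and count."""
    by_ip = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated daemons are skipped
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = by_ip.setdefault(
            m["ip"], {"first": when, "last": when, "count": 0, "lines": []})
        rec["first"] = min(rec["first"], when)
        rec["last"] = max(rec["last"], when)
        rec["count"] += 1
        rec["lines"].append(line)
    return by_ip

def format_report(ip, rec, tz_label):
    """Plain-text report body for one source address, ending with the log excerpt."""
    return (
        f"Source IP: {ip}\n"
        f"Target: sshd, port 22/tcp\n"
        f"First attempt: {rec['first']:%Y-%m-%d %H:%M:%S} {tz_label}\n"
        f"Last attempt:  {rec['last']:%Y-%m-%d %H:%M:%S} {tz_label}\n"
        f"Invalid-user attempts: {rec['count']}\n"
        "Log excerpt:\n" + "\n".join(rec["lines"]) + "\n"
    )

if __name__ == "__main__":
    for ip, rec in summarize(SAMPLE_LOG, 2009).items():
        print(format_report(ip, rec, "UTC"))
```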


