On Fri, 04 Nov 2005, Thomas wrote:
> Recently, I can often see brute force attacks in my ssh logfile.
> A friend of mine, who has the same ISP, gets the same bruteforce attacks.
>
> What would be an adequate reaction to repeated ssh bruteforce attacks?

Once I tried to do something about it, just because I had nothing better to do. I used whois, found the abuse contact of the relevant domain owners and their upstream providers, and emailed them the logs, requesting that they inspect why a machine of theirs was trying to attack one of mine.

Out of the three reports I sent:

One was replied to in 5 minutes(!), the attacker had been immediately unplugged, and the machine would be investigated.

One was replied to within 3 hours, the attack was being investigated (and I wasn't being probed by them anymore, so I suppose they took it offline as well).

One was replied to within 1 day, the server had been reinstalled from scratch and they thanked me for the report.

So I got proper replies for 100% of the reports I sent, and three zombies were put to rest. It is something nice to do if you feel bored.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
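
The log-gathering step of the report workflow described in the message above, as an added example that is not part of the original post: it groups failed-password lines by source address and drafts a plain-text abuse report with the evidence attached. It assumes OpenSSH's usual syslog line format; the function names, the sample log lines and the `abuse@example.net` address are constructed for illustration, and the real contact still has to come from a whois lookup on the source address.

```python
import re
from collections import defaultdict
# Constructed sample lines in OpenSSH syslog format (documentation address ranges).
SAMPLE_LOG = """\
Nov  4 03:12:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Nov  4 03:12:03 host sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Nov  4 03:12:05 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40040 ssh2
Nov  4 03:15:40 host sshd[2130]: Accepted publickey for thomas from 198.51.100.7 port 51000 ssh2
Nov  4 04:01:09 host sshd[2200]: Failed password for thomas from 198.51.100.7 port 51010 ssh2
Nov  4 05:22:11 host sshd[2301]: Failed password for invalid user guest from 203.0.113.5 port 33000 ssh2
Nov  4 05:22:13 host sshd[2303]: Failed password for root from 203.0.113.5 port 33008 ssh2
"""
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def failed_by_source(log_text):
    """Group failed-password log lines by the source address they came from."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            hits[m.group(2)].append(line)
    return hits

def sources_to_report(log_text, threshold=2):
    """Sources with at least `threshold` failures, most active first."""
    hits = failed_by_source(log_text)
    return sorted((ip for ip, lines in hits.items() if len(lines) >= threshold),
                  key=lambda ip: (-len(hits[ip]), ip))

def draft_report(ip, lines, abuse_contact, tz="UTC"):
    """Plain-text report; abuse_contact is supplied from a manual whois lookup."""
    users = sorted({FAILED.search(l).group(1) for l in lines})
    return "\n".join([
        f"To: {abuse_contact}",
        f"Subject: SSH brute-force attempts from {ip}",
        "",
        f"{len(lines)} failed SSH logins from {ip} were logged on my server.",
        f"Accounts tried: {', '.join(users)}. Log timestamps are in {tz}.",
        "Please check whether this machine is compromised.",
        "",
        *lines,  # raw log lines as evidence
    ])

if __name__ == "__main__":
    hits = failed_by_source(SAMPLE_LOG)
    for ip in sources_to_report(SAMPLE_LOG):
        print(draft_report(ip, hits[ip], "abuse@example.net"), "\n" + "-" * 40)
```

The threshold keeps a single mistyped password from a legitimate user (198.51.100.7 in the sample) out of the reports; state the real timezone of the log timestamps so the recipient can correlate them with their own records.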