From: Andrew
To: Robert Huff
Cc: questions@freebsd.org
Subject: Re: Semi-OT: responding to attempted breakins
Date: Wed, 03 May 2006 17:44:49 -0500

On Wed, 2006-05-03 at 17:43 -0400, Robert Huff wrote:
> As a result of installing new bits on my system, and paying
> attention to old ones, I've noticed several attempted break-ins
> which I currently believe have been unsuccessful.
> As I have the appropriate log files, I'd like to contact the
> administrators and ISPs for the systems involved. Can someone
> recommend a good response boilerplate - something that's concise,
> informative, professional, friendly, and yet firm?
>
>
> Robert Huff

I'm sorry I can't. I did, however, want to interject my two cents here ;-).

From a non-professional (i.e. student) viewpoint, it's been my experience that if I take the time to write a polite email, which includes relevant bits from my log files, to the admin for the IP in question asking them to look into it, they will usually take care of it.

I suppose the appropriate response to this sort of situation depends on what you're hosting. I run a web-server and SSH gateway for personal use, so although extremely annoying, it wouldn't be any big loss for me if it was cracked.

I suppose you could always blacklist the domain in question, and see how long it takes for anyone to complain ;-).

-Andrew