Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 May 2006 16:20:01 -0700 (PDT)
From:      Bigby Findrake <bigby@ephemeron.org>
To:        Robert Huff <roberthuff@rcn.com>
Cc:        questions@freebsd.org
Subject:   Re: Semi-OT: responding to attempted breakins
Message-ID:  <20060503160708.X55239@home.ephemeron.org>
In-Reply-To: <17497.9228.336693.720080@jerusalem.litteratus.org>
References:  <17497.9228.336693.720080@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 3 May 2006, Robert Huff wrote:

>
> 	As a result of installing new bits on my system, and paying
> attention to old ones, I've noticed several attempted break-ins
> which I currently believe have been unsucessful.
> 	As I have the appropriate log files, I'd like to contact the
> administrators and ISPs for the systems involved.  Can someone
> recommend a good response boilerplate - something that's concise,
> informative, professional, friendly, and yet firm?

I've been pretty religious about "responsible reporting" for about 6 
months now, reporting all ssh (and recently FTP) attacks to the 
originating ISP.

If I may, allow me to infer from your desire to be "firm" that you would 
like to cause the behaviour stop, and to give you a piece of advice.  I 
believe that you will be very unhappy if you are reporting for that 
reason.  The attacks, probes, tests, attempts - all of them - aren't going 
to stop, except by filtering those packets out through one mechanism (a 
firewall) or another (disconnecting your 'net connection).  You will end 
up bailing water with a teaspoon.


/-------------------------------------------------------------------------/
     He's the kind of guy, that, well, if you were ever in a jam he'd be
      there ... with two slices of bread and some chunky peanut butter.

                    finger://bigby@ephemeron.org
                   http://www.ephemeron.org/~bigby/
                   irc://irc.ephemeron.org/#the_pub
                 news://news.ephemeron.org/alt.lemurs
/-------------------------------------------------------------------------/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060503160708.X55239>