I think they're more interested in using your computer to participate in the botnet. Sending spam / exploiting other machines is far more lucrative than holding Joe Nobody's machine for ransom. Unplug + format = game over.
-rb

On Fri, Aug 22, 2008 at 9:27 AM, Carlos Antelo <[EMAIL PROTECTED]> wrote:
> On Thursday 21 August 2008 11:33:51 Michael Tautschnig wrote:
>> Hi all,
>>
>> since two days (approx.) I'm seeing an extremely high number of apparently
>> coordinated (well, at least they are trying the same list of usernames)
>> brute force attempts from IP addresses spread all over the world. I've got
>> denyhosts and an additional iptables based firewall solution in place to
>> mitigate these since quite some time already and this seems to do the trick
>> in terms of blocking them fairly quickly.
>>
>> Nevertheless, I'd like to do something about it more proactively, so I also
>> contact the abuse mailboxes as obtained from whois. From time to time I do
>> even see responses stating that counter measures have been taken. In the
>> current case, however, there rather seems to be a need for some more
>> coordinated action instead of contacting the ISPs for each single IP --
>> this host might get blocked/shut down, but there is little hope of a more
>> thorough investigation, trying to get closer to the root of these attacks.
>>
>> Well, probably I'm pretty naive in hoping that one could do anything about
>> that at all, but maybe some of you are more experienced in security
>> issues/dealing with CERTs, etc. and have some ideas what could be done.
>>
>> Further, what do you guys do about such attacks? Just sit back and hope
>> they don't get hold of any passwords? Any ideas are welcome...
>>
>> Thanks,
>> Michael
>
> redirect attackers to another port with a ssh honeypot with common attacked
> accounts and stupid passwords, let take over false information ( and
> information on to contact you) so they will try to contact you for money then
> call the police or do something similar but attackers will keep coming...
> this is most for you fun
>
> sorry for my bad English.
>
> --
> Carlos Antelo ( aka CMA )
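
Added example, not part of the original thread: one way to check the observation quoted above, that many source addresses are working through the same list of usernames, is to compare the set of usernames each IP failed with. The log lines are constructed samples in the usual OpenSSH syslog wording, and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample sshd log lines (not taken from the thread).
SAMPLE_LOG = """\
Aug 21 09:01:02 host sshd[1001]: Invalid user admin from 192.0.2.10
Aug 21 09:01:05 host sshd[1002]: Invalid user test from 192.0.2.10
Aug 21 09:01:09 host sshd[1003]: Failed password for invalid user oracle from 192.0.2.10 port 4122 ssh2
Aug 21 09:03:11 host sshd[1010]: Invalid user admin from 198.51.100.7
Aug 21 09:03:15 host sshd[1011]: Invalid user test from 198.51.100.7
Aug 21 09:03:19 host sshd[1012]: Invalid user oracle from 198.51.100.7
Aug 21 09:05:40 host sshd[1020]: Failed password for root from 203.0.113.5 port 5151 ssh2
Aug 21 09:07:00 host sshd[1030]: Failed password for alice from 203.0.113.99 port 2200 ssh2
Aug 21 09:08:30 host sshd[1040]: Accepted password for alice from 203.0.113.99 port 2201 ssh2
"""

# Matches "Invalid user X from IP" and "Failed password for [invalid user] X from IP".
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for(?: invalid user)?) "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def usernames_by_ip(log_text):
    """Map each source IP to the set of usernames it failed to log in as."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            seen[m.group("ip")].add(m.group("user"))
    return dict(seen)

def coordinated_pairs(seen, min_names=3, min_jaccard=0.8):
    """Return (ip_a, ip_b, similarity) for IPs whose username lists overlap heavily."""
    pairs = []
    candidates = sorted(ip for ip, names in seen.items() if len(names) >= min_names)
    for a, b in combinations(candidates, 2):
        sim = len(seen[a] & seen[b]) / len(seen[a] | seen[b])  # Jaccard similarity
        if sim >= min_jaccard:
            pairs.append((a, b, round(sim, 2)))
    return pairs

if __name__ == "__main__":
    for a, b, sim in coordinated_pairs(usernames_by_ip(SAMPLE_LOG)):
        print(f"{a} and {b} tried near-identical username lists (Jaccard {sim})")
```

Grouping the flagged addresses by shared username list gives a single campaign summary that can go into one abuse or CERT report instead of one message per IP.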