The other thing about ssh attacks is that I feel that I should try to contact the people whose server has presumably been taken over and let them know that it is attacking other servers.
I did this manually a couple times, but I guess it would be useful to have a script to help. (lookup whois and reverse DNS, see if there's a webpage hosted on the machine, look for contact email, and draft a message to various possible contact emails for me to edit) I know if my box was comprimised and attacking people, I'd like to know about it! Attacking people's boxen running ssh seems to be a popular passtime at the moment, it would be good to have a way to fight back against this trend, rather than just protecting our own machines. Maybe there's some good reason NOT to contact people, I can't think why. Might not want to use your canonical email address though! Sam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
