> From: Andrew Gould andrewlylego...@gmail.com > > What information should I send to an ab...@* address when reporting a > break-in attempt? > > My logs show a dictionary attack of invalid user names against port 22. I > obtained an ab...@* email address using 'whois' and reported the beginning > and ending date/times and the originating IP address. > > Is there any other information I need to send? Is there someone else I > should notify? > > Most of the attacks I receive are from other continents, so I just block the > network range found via 'whois'. In this case, the IP address is fairly > local, so I'm hesitant to block the entire range.
There are some applications that you might want to install that can help. Personally, I have found reporting the abuse virtually useless. I use to just include the entire log with the data that pertained to the user in question; however, that just proved a waste of time. If you are using 'passwords' to access your account, you might want to consider using certificates instead. That is far safer than using a password that eventually can be cracked. -- Jerry _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
