Banze, Andreas wrote:

>>Well, in fact I received the "Don't panic" message from logwatch this
>>morning. After checking Google I found that the message is a signature
>>left by scanssh as noted in
>>http://www.der-keiler.de/Mailing-Lists/securityfocus/incidents/2001-12/0244.html
>>
>>So I took the following actions:
>>0. Identified the originating IP
>>1. downloaded, compiled and installed the latest version of ssh.
>>2. portscanned the IP (just to make him/her know)
>>3. iptables denying all traffic from that IP range.
>>
>>Are these actions OK, paranoid or just plain futile?
>
>depends on your and the other system. In case you are providing services
>(e.g. webserver) and the other machine is a multiuser system it's a little
>bit too much.
>
>Apart from that a mail to the responsible abuse-Account for that IP seems to
>be a much better way to "let him/her know" than port scanning. You are using
>nearly the same methods to "warn" people they used to alarm you - doesn't
>seem right for me, but it's your decision.

Hmm, you're right. I guess it's the limit between defense and attack. Good point.

Francisco