On August 3, 2004 10:40, Clements, Shane wrote: > Hi all, > I was wondering what people did when they encountered logs like these > for ssh... Last week I got these in my logs: >
There has been talk on various mailing lists about an increase in SSH scans. Take a look at http://www.securityfocus.com/archive/75/370488 and other posts to the incidents mailing list. <snip> > > So of course I tracerouted and whois some of these ips and got their > ISPs. At what point is it fair to report them? Good luck - it never hurts to try and report them but most likely these are already compromised machines, so I don't know how far you will get.. Martin _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
