Thanks Martin. There are some useful suggestions in that thread as well for the problem...
S.
NOTICE -
This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and cooperation.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Martin Glazer
Sent: 2004 August 03 10:55 AM
To: [EMAIL PROTECTED]
Subject: Re: [clug-talk] log weirdness
On August 3, 2004 10:40, Clements, Shane wrote:
> Hi all,
> I was wondering what people did when they encountered logs like these
> for ssh... Last week I got these in my logs:
>
There has been talk on various mailing lists about an increase in SSH scans.
Take a look at http://www.securityfocus.com/archive/75/370488
and other posts to the incidents mailing list.
<snip>
>
> So of course I tracerouted and whois some of these ips and got their
> ISPs. At what point is it fair to report them?
Good luck - it never hurts to try and report them but most likely these are
already compromised machines, so I don't know how far you will get..
Martin
_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
_______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
