on Mon, Dec 06, 2004 at 07:10:03PM +1100, Sam Watkins ([EMAIL PROTECTED]) wrote:
> The other thing about ssh attacks is that I feel that I should try to
> contact the people whose server has presumably been taken over and let
> them know that it is attacking other servers.
> I did this manually a couple times, but I guess it would be useful to
> have a script to help.  (lookup whois and reverse DNS, see if there's
> a webpage hosted on the machine, look for contact email, and draft a
> message to various possible contact emails for me to edit)
> I know if my box was comprimised and attacking people, I'd like to
> know about it!
> Attacking people's boxen running ssh seems to be a popular passtime at
> the moment, it would be good to have a way to fight back against this
> trend, rather than just protecting our own machines.
> Maybe there's some good reason NOT to contact people, I can't think
> why.  Might not want to use your canonical email address though!

If you're really interested in doing that sort of reporting, you're
welcome to crib from my SpamTools package (GPL):


...which does a lot of the "who are the contacts based on a given IP"


Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    We're not going to fix this by getting the pilots to be more careful.
    - Aviation industry approach to systemic improvement.

Attachment: signature.asc
Description: Digital signature

Reply via email to