What information should I send to an ab...@* address when reporting a
break-in attempt?

My logs show a dictionary attack of invalid user names against port 22.  I
obtained an ab...@* email address using 'whois' and reported the beginning
and ending date/times and the originating IP address.

Is there any other information I need to send?  Is there someone else I
should notify?

Most of the attacks I receive are from other continents, so I just block the
network range found via 'whois'.  In this case, the IP address is fairly
local, so I'm hesitant to block the entire range.


freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to