What information should I send to an ab...@* address when reporting a break-in attempt?
My logs show a dictionary attack of invalid user names against port 22. I obtained an ab...@* email address using 'whois' and reported the beginning and ending date/times and the originating IP address. Is there any other information I need to send? Is there someone else I should notify? Most of the attacks I receive are from other continents, so I just block the network range found via 'whois'. In this case, the IP address is fairly local, so I'm hesitant to block the entire range. Thanks, Andrew _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"