On Feb 19, 2009, at 12:00 PM, Andrew Gould wrote:
What information should I send to an ab...@* address when reporting a
My logs show a dictionary attack of invalid user names against port
So source of these is almost always some other compromised Unix-like
I obtained an ab...@* email address using 'whois' and reported
the beginning and ending date/times and the originating IP address.
When reporting the times, be sure to make the time zone clear.
Is there any other information I need to send? Is there someone
There's no general answer to that. It really depends the specifics of
the case. For example, a small business might have a small netblock
and an abuse address, but aren't competent to deal with your
notification. Think of a small business that has a bunch of Window's
clients and one ancient RedHat system that hasn't been maintained for
years and was set up by someone who doesn't work there anymore. In
that case, it might be useful to inform their provider as well.
Back when I used to report these things, I had a template message for
Most of the attacks I receive are from other continents, so I just
network range found via 'whois'.
If you block, and your firewall will log the failed attempts, then you
may also look at participating in DShield
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"