I have had varying luck with reporting intrusion attempts, I handle support
for our group, most of them use firewalls so I get decent information from
them.
First I try and track down who owns the offending IP and if I find that, I
check out the website of the provider for a security or abuse contact.
I then package my evidence and sent it off to them. Some times they do
something about, most of the time, they don't.
For the really persistent, I've blocked out whole subnets from access to our
systems including mail. Then somebody has to call me to get back in. This
gives me my point of contact and if I get no contact, at least I've got a
log of the dropped connections from the firewall.
Most of the better known attacks are kids playing around, it's the concerted
attempts to saturate our network that I pay specific attention to. These
I'll package and send off to all the offending providers I can suss and I
also send off information to the CERT http://www.cert.org, they have a
format which is tedious, but can be worth it.
Good luck
Tim
-----Original Message-----
From: Kim Kruse [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 1:28 PM
To: NT System Admin Issues
Subject: Reporting Hackers?
Has anyone had any luck reporting hack attempts to your webpage?
I can see them attempting to run scripts, from a certain IP address.
I can trace the IP address to who is registered for that address.
Frequently I then have a technical or other contact.
Is it worth my time to report the attempts? Can the originating IP addresses
be spoofed (i.e would I just be harassing an innocent party?)
Thx
Kim
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
