> Well, in fact I received the "Don't panic" message from logwatch this
> morning. After checking Google I found that the message is a signature
> left by scanssh as noted in
> http://www.der-keiler.de/Mailing-Lists/securityfocus/incidents/2001-12/0244.html
>
> So I took the following actions:
> 0. Identified the originating IP
> 1. downloaded, compiled and installed the latest version of ssh.
> 2. portscanned the IP (just to make him/her know)
> 3. iptables denying all traffic from that IP range.
>
> Are these actions OK, paranoid or just plain futile?

It depends on your system and the other one. If you are providing services (e.g. a webserver) and the other machine is a multiuser system, it's a little bit too much.

Apart from that, a mail to the responsible abuse account for that IP seems to be a much better way to "let him/her know" than port scanning. You are using nearly the same methods to "warn" people that they used to alarm you. That doesn't seem right to me, but it's your decision.

Apart from that, it's your machine; you decide whom to serve and whom not.

Kind regards,
Andreas