Semi-OT: responding to attempted breakins

2006-05-03 Thread Robert Huff

As a result of installing new bits on my system, and paying
attention to old ones, I've noticed several attempted break-ins
which I currently believe have been unsuccessful.
As I have the appropriate log files, I'd like to contact the
administrators and ISPs for the systems involved.  Can someone
recommend a good response boilerplate - something that's concise,
informative, professional, friendly, and yet firm?


Robert Huff



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Semi-OT: responding to attempted breakins

2006-05-03 Thread Andrew
On Wed, 2006-05-03 at 17:43 -0400, Robert Huff wrote:
> As a result of installing new bits on my system, and paying
> attention to old ones, I've noticed several attempted break-ins
> which I currently believe have been unsuccessful.
> As I have the appropriate log files, I'd like to contact the
> administrators and ISPs for the systems involved.  Can someone
> recommend a good response boilerplate - something that's concise,
> informative, professional, friendly, and yet firm?
>
>
> Robert Huff

I'm sorry I can't. I did, however, want to interject my two cents
here ;-). From a non-professional (i.e. student) viewpoint, it's been my
experience that if I take the time to write a polite email, which
includes relevant bits from my log files, to the admin for the IP in
question asking them to look into it, they will usually take care of it.

I suppose the appropriate response to this sort of situation depends on
what you're hosting. I run a web-server and SSH gateway for personal use,
so although extremely annoying, it wouldn't be any big loss for me if it
was cracked. 

I suppose you could always blacklist the domain in question, and see how
long it takes for anyone to complain ;-).

-Andrew



Re: Semi-OT: responding to attempted breakins

2006-05-03 Thread Bigby Findrake

On Wed, 3 May 2006, Robert Huff wrote:

> As a result of installing new bits on my system, and paying
> attention to old ones, I've noticed several attempted break-ins
> which I currently believe have been unsuccessful.
> As I have the appropriate log files, I'd like to contact the
> administrators and ISPs for the systems involved.  Can someone
> recommend a good response boilerplate - something that's concise,
> informative, professional, friendly, and yet firm?


I've been pretty religious about responsible reporting for about 6 
months now, reporting all ssh (and recently FTP) attacks to the 
originating ISP.


If I may, allow me to infer from your desire to be firm that you would 
like to cause the behaviour to stop, and to give you a piece of advice.  I 
believe that you will be very unhappy if you are reporting for that 
reason.  The attacks, probes, tests, attempts - all of them - aren't going 
to stop, except by filtering those packets out through one mechanism (a 
firewall) or another (disconnecting your 'net connection).  You will end 
up bailing water with a teaspoon.



/-/
He's the kind of guy, that, well, if you were ever in a jam he'd be
 there ... with two slices of bread and some chunky peanut butter.

   finger://[EMAIL PROTECTED]
  http://www.ephemeron.org/~bigby/
  irc://irc.ephemeron.org/#the_pub
news://news.ephemeron.org/alt.lemurs
/-/