> Basically, we are currently receiving an ever increasing
> number of intrusion attempts, (isn't everyone) and would
> like to automate a reaction to these attempts.

May I ask why?  

First off, what are these 'attempts'?  Port scans? 
Active probes?  Scans of the web server?  

Second, are the attempts successful?  If not...why
bother?  

> Firstly, I would like to inform the owner of the
> address space which the attack has come from that this
> is happening.

What do you expect to see happen?  There have been
fairly lengthy threads on SF lists about this, in
particular about providers or countries that do
nothing whatsoever.

> Secondly, I would like to report this address space
> for permitting this activity.

Report to whom?  And what would you expect to happen?

The issue of strikeback capability has been discussed
at length, and there seems to be one camp that
believes that it's NOT A GOOD THING(tm).  Who is to
say that the 'intrusion attempt' (however you define
such a beast) really originated from the subnet/IP in
question?  If all you're seeing is a SYN packet, you
have no idea if that really came from the source IP
address.  

I still see Nimda scans on our web servers.  I usually
ignore such things, except for the one time that the
same source IP showed up several times a day for 5
days...then I looked the owner up and called him.

> Trouble is, who are the relevant authorities.  

That should have been your first question, rather than
your last.  

> And are they likely to take any action.

Depending on who the IP owner is.  Since there doesn't
seem to be a single all-encompassing authority for
such things, you'd have to contact specific ISPs. 
Some never bother to respond, others respond w/ only a
form letter.  And remember, many ISPs have statements
that specifically say that they're not responsible for
what their users do...they simply provide connectivity
and aren't responsible for monitoring, etc.

Just a suggestion, but you might be better served
using your time to monitor your systems, rather than
run down each and every "intrusion attempt".









