Re: [SLUG] Son of a dog...

From: steve szmidt (steve@szmidt.org)
Date: Fri Jul 15 2005 - 09:36:02 EDT


On Friday 15 July 2005 01:04, Chuck Hast wrote:
> I was looking at my log files and see line after line of attempts to get in
> my machine. Here are some examples.
>
On arin.net or ripe.net depending on where the hacker is, you can see who the
owner of the IP is. whois.iana.org is handy too.

Emailing to abuse@the-actual-isp-here.net can do the trick. Always include a
copy and paste of your logfile as techs prefer to read that, vs one that you
typed up which may include typos, or be entirely false. Thus wasting their
time.

> The last one that I show you up there I can test with host, who do I get in
> contact with to complain about this? Or is it worth it?

Basically you want to be factual and concise. If you do some lookups of
addresses and save the admin some time, it will help him.

I include a short paragraph describing my findings and then paste in the
relevant log lines beneath. Makes it easy to see what's going on and to make
a decision on what to do with it. (Not all admins care.)

Some spammers have set up ISPs to host their spamming companies. When too many
complaints add up they change the name of the spamming company and continue.
Therefore I always cc the higher tier provider if it looks like a smaller ISP.
Which also acts like a motivator to handle it as they can get kicked by their
ISP for harboring spammers, hackers etc.

To identify such an ISP I usually find that whois reports the same address, or
techs or some such which gives away the situation.

Hmm! It would be interesting if we had a thread with logs of hack attempts.
That can be used to get a bigger picture of the hackers. It could give away
more information as to habits and addresses.

The only thing is that it could ->possibly<- be used to help a hacker too. As
a rule one never includes things that can be valuable to a hacker, in emails.

But the ssh daemon is not reporting anything of value to the hacker so...

I'm going to open a new thread on this.

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
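
Added example, not part of the original message: a Python script that builds the kind of report described above, a short factual summary followed by the relevant sshd log lines pasted unedited, one report per source address. The log lines, host name and timezone are constructed for illustration; the abuse contact still has to be looked up with whois.

```python
import re

# Constructed sample in OpenSSH syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Jul 15 00:12:01 myhost sshd[2101]: Failed password for root from 192.0.2.10 port 4312 ssh2
Jul 15 00:12:03 myhost sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 4313 ssh2
Jul 15 00:12:04 myhost sshd[2104]: Accepted publickey for chuck from 203.0.113.5 port 50022 ssh2
Jul 15 00:12:06 myhost sshd[2106]: Failed password for root from 192.0.2.10 port 4315 ssh2
Jul 15 00:40:17 myhost sshd[2150]: Invalid user test from 198.51.100.7
Jul 15 00:40:19 myhost sshd[2152]: Failed password for invalid user test from 198.51.100.7 port 3301 ssh2
"""

# The user name is text supplied by the remote side, so the pattern is
# anchored at end of line and takes the address sshd itself appended last.
ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) .* from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?(?: ssh2)?\s*$"
)

def group_attempts(log_text):
    """Map source IP -> verbatim log lines, in first-seen order."""
    by_ip = {}
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if m:  # successful logins and unrelated lines are skipped
            by_ip.setdefault(m.group("ip"), []).append(line)
    return by_ip

def draft_report(ip, lines, my_host, tz):
    """Summary paragraph first, then the untouched log lines beneath it."""
    # Syslog timestamps are the first 15 characters and carry no timezone,
    # so the timezone is stated explicitly for the receiving admin.
    first, last = lines[0][:15], lines[-1][:15]
    summary = (
        f"{len(lines)} sshd log lines record failed login attempts against "
        f"{my_host} from {ip} between {first} and {last} ({tz})."
    )
    return (f"Subject: SSH login attempts from {ip}\n\n{summary}\n"
            "Relevant log lines, copied unedited:\n\n" + "\n".join(lines) + "\n")

if __name__ == "__main__":
    for ip, lines in group_attempts(SAMPLE_LOG).items():
        print(draft_report(ip, lines, "myhost.example.org", "EDT"))
        print("-" * 60)
```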


