Re: SSH probe attack afoot?

From: Tim (tim-forensicssentinelchicken.org)
Date: Tue Feb 08 2005 - 09:45:24 CST


> Just curious here, after finding out where the IP addresses come from,
> do you go ahead and send an abuse complaint to each one of them?

Yes, this can actually be effective in this instance... For the typical
windoze box hitting you with SMB attacks, it isn't worth the time. But
for a *ix attack coming from another *ix system, there's usually more at
stake for the person's system who was compromised, and is now attacking
you.

After a long string of these brute force attacks on my system, from a
particular IP, I got fed up and did some research. Found out it was
coming from a RedHat box running an ISP's DNS. I notified them and they
quickly took the system offline, and apologized. =)

tim