Someone's knocking on my door
in [UK Linux]
|
Prev: UK Broadband
Next: Edimax EW-7628IG driver
From: Geoffrey Clements on 3 Apr 2006 17:31 The last few days I've been watching someone (or possibly various people) trying out a set of user names on my sshd port without success. The attacks appear to be automated. A "whois" lookup on the ip addresses shows different organisations in different countries. The question is is it worth e-mailing the contacts in the whois database or is that just a waste of time? -- Geoff Registered Linux user 196308 Replace bitbucket with geoff to mail me.
From: Robert Hull on 3 Apr 2006 18:25 In uk.comp.os.linux, on Mon 03 April 2006 22:31, Geoffrey Clements <bitbucket(a)electron.me.uk> wrote: > The last few days I've been watching someone (or possibly various > people) > trying out a set of user names on my sshd port without success. The > attacks appear to be automated. A "whois" lookup on the ip addresses > shows different organisations in different countries. > > The question is is it worth e-mailing the contacts in the whois > database or is that just a waste of time? > IME they do not respond -- Robert HULL Archival or publication of this article on any part of thisishull.net is without consent and is in direct breach of the Data Protection Act
From: Martin Gregorie on 3 Apr 2006 18:59 Geoffrey Clements wrote: > The last few days I've been watching someone (or possibly various people) > trying out a set of user names on my sshd port without success. The > attacks appear to be automated. A "whois" lookup on the ip addresses shows > different organisations in different countries. > > The question is is it worth e-mailing the contacts in the whois database or > is that just a waste of time? > Depends. Yahoo seem to be fairly responsive to such complaints. So do some of the smaller American ISPs. -- martin@ | Martin Gregorie gregorie. | Essex, UK org |
From: mike on 3 Apr 2006 23:12 Geoffrey Clements <bitbucket(a)electron.me.uk> wrote: > The last few days I've been watching someone (or possibly various people) > trying out a set of user names on my sshd port without success. The > attacks appear to be automated. A "whois" lookup on the ip addresses shows > different organisations in different countries. > > The question is is it worth e-mailing the contacts in the whois database or > is that just a waste of time? > I get two thousand or so a day on one machine been going up steadily for years. Occasionaly make the effort to moan if one annoys me particularly for some reason. Never had a response but have a go you may get lucky.
From: Paul Black on 4 Apr 2006 04:16
Geoffrey Clements wrote: > The last few days I've been watching someone (or possibly various people) > trying out a set of user names on my sshd port without success. The > attacks appear to be automated. A "whois" lookup on the ip addresses shows > different organisations in different countries. > > The question is is it worth e-mailing the contacts in the whois database or > is that just a waste of time? Your best bet is to assume that the people you will email do not care and to automatically block the IP addresses of those trying: http://www.denyhosts.net -- Paul |