[SGVLUG] Who is that knocking on my ports?
Alan Horn
ahorn at deorth.org
Mon Jan 12 19:08:14 PST 2009
>
> 1) identify the ISP or suitable "owner" of the netblock containing
> the IP address
> 2) for "well known" ISP's, look up their security or "abuse" e-mail
> addresses
> 3) generate, in real time, an e-mail report of the breakin attempt --
> one e-mail per attempt :)
>
> Yes, I intend to "spam" the ISP about what their user(s) are doing.
It's completely not worth it. Just drop them with blocksshd or something
similar. These botnet attacks are so numerous and distributed that the
best course right now is just to ignore them and drop the packets on the
floor. It's a personal choice of course.
Cheers,
Al
More information about the SGVLUG
mailing list