Do you email abuse departments of people abusing your network?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
View Poll Results: Do you email abuse departments of people abusing your network?
I report only the truly persistent ones, that I notice they have been trying really hard to get in. However, I don't think anything is ever done about it, no matter what country it is.
I've used mynetwatchman.com's agent to monitor and report automatically (not that it helps a lot but at least it is reported). Dshield also has a logging agent that will donate your logs (for crunching trend reports) and also report abusers.
I saw one that originated from a major security company that scanned my home network. I reported it to them (instead of their ISP) and they responded back and apologized, saying that they'd mis-configured their scan.
I've had some luck with emailing the registrar for the offending domain as listed by whois. In a few cases, all it took was copies of the offending emails to get spammers kicked. Of course they probably just moved somewhere else, but I stopped getting the emails. However, the Chinese registrars don't respond. This assumes it's a rogue domain rather than just a rogue operator within a large domain, of course.
Edit:
Never mind, your question is for server scanning, and my response was for getting spam.
Last edited by Quakeboy02; 11-19-2009 at 12:22 PM.
I report port scanning, attempted relaying, spam, brute force authentication, etc to the registered owner of an IP. As I run a small private host, many countries are already blocked (china, hong kong, russia, etc). It is important to report illegal/unsolicited email, port scanning, etc in order to help combat these activities. I always threaten the registered owner with the possibility of legal action. If spam or the like chronically persists from these organizations they are black listed. Many administrators report back that an investigation has been launched.
If everybody reported illegal/unsolicited activity the registered owners of IP ranges would do more.
If everybody reported illegal/unsolicited activity the registered owners of IP ranges would do more.
I seriously doubt this. The world is very big and the laws within country X are usually different than country Y. What's not allowed here is allowed there. Everyone's experience in network security is different, so an e-mail threatening legal action regarding "an attack" may well go over their head. Then there's the issue of spammers knowing that they are scanning and spamming...they flat-out ignore correspondence.
Unless it is something outside of the norm of what I log, I'm not going to manually engage each and every IP/network owner. That's why I have Mynetwatchman, but most owners don't respond to those notices, either. If the IP/network owners don't respond, then there's nothing I can do about that without wasting time and resources that I don't really have.
You started this thread, with a question that has been helpfully answered by useful and informative replies from the users at LQ.
You have not come back to the thread that you started.
Meanwhile, you have been very active on LQ, starting other threads, but not responding to this one that you started (or the others, but I cannot be bothered to search further):
Do you email abuse departments of people abusing your network?
IMO, the answer is either yes or no. Even the poll selections aren't to your liking, you can either opt out of answering or leave a comment.
I don't think he's looking for anything in particular, even if I attempt to read into his question. It's a poll question, not something that he appears to have any particular issue with.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
