Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-10-2006, 03:30 PM
|
#1
|
Senior Member
Registered: Nov 2004
Distribution: Mint, MX, antiX, SystemRescue
Posts: 2,337
|
Q? Do YOU report scans to abuse, or let them go?
Just wondering ... do people here report scans to abuse@isp.whatever?
Not that the script-kiddies successfully get in (so far!) I'm just wondering if people here tend to report or ignore. Things like the following (my adaptive firewall shut down the nonsense after three attempts):
Code:
Jun 10 12:42:14 xxx sshd[29550]: Connection from 211.239.157.232 port 39808
Jun 10 12:42:16 xxx sshd[29550]: User root from 211.239.157.232 not allowed ...
Jun 10 12:42:16 xxx sshd[29560]: Connection from 211.239.157.232 port 39857
Jun 10 12:42:18 xxx sshd[29560]: User root from 211.239.157.232 not allowed ...
Jun 10 12:42:19 xxx sshd[29568]: Connection from 211.239.157.232 port 39914
Jun 10 12:42:21 xxx sshd[29568]: User root from 211.239.157.232 not allowed ...
Jun 10 12:42:21 xxx sshd[29577]: refused connect from 211.239.157.232 ...
|
|
|
06-10-2006, 05:26 PM
|
#2
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
Ignore. I've been scanned nearly continuously for 6 years now. If I had decided to report each scan or unauthorized access attempt, it would have become a full time job. Not that anyone does anything with abuse reports (I think they are mostly routed to /dev/null).
|
|
|
06-10-2006, 11:43 PM
|
#3
|
Member
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Pop!_OS && Windows 10 && Arch Linux
Posts: 831
|
http://www.mynetwatchman.com/
Easy to configure, just register, install & start daemon and let it run.
|
|
|
06-12-2006, 06:55 AM
|
#4
|
Member
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271
Rep:
|
If the tries are serious, i.e. they're not just trying random username/password combinations but trying one username "root" for example and many passwords (brute force???) AND the make a whole lot of tries (like two or three days running) then I report them. Otherwise, ignore
|
|
|
06-12-2006, 11:28 AM
|
#5
|
Member
Registered: Mar 2004
Posts: 135
Rep:
|
I tried to contact several ISPs which has users ssh scanning us. They did response and promised to let their users know. But the scanning is continuing. That's it.
|
|
|
All times are GMT -5. The time now is 09:35 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|