LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-10-2006, 03:30 PM   #1
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Mint, MX, antiX, SystemRescue
Posts: 2,337

Rep: Reputation: 358Reputation: 358Reputation: 358Reputation: 358
Q? Do YOU report scans to abuse, or let them go?


Just wondering ... do people here report scans to abuse@isp.whatever?

Not that the script-kiddies successfully get in (so far!) I'm just wondering if people here tend to report or ignore. Things like the following (my adaptive firewall shut down the nonsense after three attempts):
Code:
Jun 10 12:42:14 xxx sshd[29550]: Connection from 211.239.157.232 port 39808
Jun 10 12:42:16 xxx sshd[29550]: User root from 211.239.157.232 not allowed ...
Jun 10 12:42:16 xxx sshd[29560]: Connection from 211.239.157.232 port 39857
Jun 10 12:42:18 xxx sshd[29560]: User root from 211.239.157.232 not allowed ...
Jun 10 12:42:19 xxx sshd[29568]: Connection from 211.239.157.232 port 39914
Jun 10 12:42:21 xxx sshd[29568]: User root from 211.239.157.232 not allowed ...
Jun 10 12:42:21 xxx sshd[29577]: refused connect from 211.239.157.232 ...
 
Old 06-10-2006, 05:26 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344Reputation: 344Reputation: 344Reputation: 344
Ignore. I've been scanned nearly continuously for 6 years now. If I had decided to report each scan or unauthorized access attempt, it would have become a full time job. Not that anyone does anything with abuse reports (I think they are mostly routed to /dev/null).
 
Old 06-10-2006, 11:43 PM   #3
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Pop!_OS && Windows 10 && Arch Linux
Posts: 831

Rep: Reputation: 350Reputation: 350Reputation: 350Reputation: 350
http://www.mynetwatchman.com/

Easy to configure, just register, install & start daemon and let it run.
 
Old 06-12-2006, 06:55 AM   #4
Notwerk
Member
 
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271

Rep: Reputation: 31
If the tries are serious, i.e. they're not just trying random username/password combinations but trying one username "root" for example and many passwords (brute force???) AND the make a whole lot of tries (like two or three days running) then I report them. Otherwise, ignore
 
Old 06-12-2006, 11:28 AM   #5
fedora4002
Member
 
Registered: Mar 2004
Posts: 135

Rep: Reputation: 15
I tried to contact several ISPs which has users ssh scanning us. They did response and promised to let their users know. But the scanning is continuing. That's it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Email Relay abuse novice06 Linux - Security 7 03-29-2006 07:53 PM
email abuse ice99 General 3 11-20-2005 10:55 AM
Feedback form abuse, how?? Runnerdave Programming 2 09-07-2005 09:57 PM
Email abuse Jon Doe Linux - Security 25 07-01-2005 04:59 PM
User abuse, or abused? scott_R LQ Suggestions & Feedback 3 01-22-2004 02:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration