What could I do to press charges against some fscker that tryed to brute force his way into my sshd(which btw dosent use password to auth)

Here is a netstat output, when the attack was happening...

tcp 0 0 me.:ssh andrejko.ics.upjs:46093 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:46926 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:47241 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:46507 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:46823 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:46406 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:46305 TIME_WAIT
tcp 0 0 localhost:38854 localhost:smtp TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:46719 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:47134 TIME_WAIT
tcp 0 132 me.:ssh laptop:1041 ESTABLISHED
tcp 0 0 me.:ssh andrejko.ics.upjs:47033 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:46196 TIME_WAIT
tcp 0 0 me.:ssh andrejko.ics.upjs:47351 ESTABLISHED
tcp 0 0 me.:ssh andrejko.ics.upjs:46615 TIME_WAIT

I have gathered quite alot of info about andrejko.ics.upjs(whois lookups, portscans etc). Where should I send this info so that it can cause trouble for andrejko.ics.upjs

btw: me is my host...
Any help would be great

What could I do to press charges against someone that tryed to brute force his way into my sshd
"Pressing charges"? Realistically speaking, not a thing unless it's been a succesful breach of security causing considerable damages. Even then it has to be covered by Law where you live AFAIK.


There's three realistic steps you can take:
- make sure you read the LQSEC sticky thread "Failed SSH login attempts" and pick a defense mechanism that is appropriate for your system(s) (and note solely moving ssh to another port is *not* a realistic way),
- optionally report to Dshield (this helps correllating info with and for others),
- optionally report to the offenders' ISP,
- and since you're dealing with a univ, prolly the IT dept as well.
Note you should not expect any response.


As moderator I would like to add that, even though cursing is not uncommon, I would like to ask you to please refrain from cursing in thread titles and posts. It does nothing for you or your thread, and frankly, looking at the "problem" it's not even severe enough to warrant cursing: probing is common these days. So deal with it.

When the sshd attacks first started to really be noticed, I had a 12-minute bruteforce attempt from someone who probably knew a bit what he was doing (eg, he tried realistic usernames with multiple guesses against each). It really ticked me off, but they/he/she didnt' get anywhere. I did however take those pages and pages of failed login attempts and reported it to his ISP. They mailed me back some time later saying they terminated this guy's account, and if need be again to contact them. You won't always get a confirmation, but rest assured if the ISP is decent, and you report the situation calmly and respectfully, something will likely happen against the offender concerning his Internet connection/account.

As for law enforcement getting involved, the only time I can remember seeing that is when Microsoft throws money at the problem.

I did whois lookups and found the "abuse contact" email address, and emailed them a complaint...

it's beening 24hrs and no reply, what could I do now?

unSpawn gave you a few suggestions, have you done all of those yet?