LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.



View Poll Results: What do you do with minor attacks?
Always report them! 0 0%
Report them if I'm bored and I see it in the log. 5 35.71%
Return the attack on the script kiddies. 2 14.29%
Do nothing. 7 50.00%
Voters: 14. You may not vote on this poll

Old 10-23-2004, 01:49 PM   #1
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
What do you do with passing attempts?


Hi All,

I have recently put up a small website to help some friends and as I'm bored today I watch the logs... I see quite a few attempts to break in - all of which are Microsoft exploits so they aren't really important at all. On a daily basis, I also receive quite a few spoofed IP addresses or other forms of scans/attacks captured by the syslog and iptables.

Now, what do you folks do with MINOR attacks on your systems? Do you report them to the ISP, attack them back, do nothing because they are futile against your machines? (We're talking minor attacks here)

So far, I only report abuse when I'm bored on Saturdays or late evenings... What's the 'norm'?

J.
 
Old 10-23-2004, 07:15 PM   #2
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
ignore them... it's waaaay too much effort to chase them all up.
if anyone is persistent in attempting to break in or annoying, then mail their ISP with the important parts of your server logs.
 
Old 10-26-2004, 12:42 AM   #3
jev-bird
Member
 
Registered: Jul 2004
Location: USofA
Distribution: Whatever runs accordingly.
Posts: 200

Rep: Reputation: 30
Most attacks like that are automated nowadays, scripts, bots, worms, zombies.. It simply does not make sense to report them. Report real crime in your neighborhood not white noise that flows over the internet every day.
 
Old 10-26-2004, 02:42 AM   #4
floppywhopper
Member
 
Registered: Aug 2004
Location: Albany, Western Australia
Distribution: Mageia , SME , IP Fire, LinuxMX
Posts: 631
Blog Entries: 2

Rep: Reputation: 114
mostly ignore.
if I see an attempt at SSH or similar then they get IP blocked.
If there is a persistent attempt ...
eg I've been probed for 3 hours straight, every 5 -10 secs, by one guy ( usr/moron ) after the same port ( ooh duh ) , then I get annoyed, do a who-is and report if possible.
sometimes works sometimes not.
Definitely works if the usr/moron is a customer of same ISP as yourself as is usually a breach of rules - email off your logs as proof.

If you're running in stealth then attacking someone else kind of gives the game away, blow your own cover etc. Not recommended !

live long and prosper
floppy
 
Old 10-26-2004, 10:23 AM   #5
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
I report them if they are outlandish attempts. For example, a few days ago someone tried to Brutessh their way into one of our boxes for 4 hours. Something like 1500 failed login attempts. I'll report them and anyone else that tries repeatedly for a period of time.

Of course it also depends on where they are coming from. If they are coming from China or Japan or Korea, I won't even bother b/c I know I won't get a response from their ISP. Some European ISPs have been responsive (I've had a few experiences with schlund.de and found them to be very responsive). Domestic (US) ISPs are usually very responsive when you send them logs.

So I guess if I'm bored and care enough I'll report them.
 
  

