[plug] Attempted Intrusions
Marc Wiriadisastra
marc-w at smlintl.com.au
Wed Oct 20 08:26:49 WST 2004
Hi All,
I don't know if there is something I can do about this. Everyday I
receive a log of ssh attempts and the ip address which is pretty
straightforward. However on a daily basis I have ip's that obviously
are trying to enter my computer that are not supposed to and on a daily
basis I have sent emails to firms around the world to advise them of
people trying to access my computer.
The problem is there is this one ip and I say one who is from China that
constantly tries to access my network I have sent numerous emails to
that firm to the abuse email address. Now for some reason I have had no
response whether thats because they don't care I don't know. However is
there some other way I can put a stop to it. He or she is obviously
running a program which spits out generic usernames such as root, adm
and the like however obviously ssh blocks all of those usernames and
really I'm not so worried about the access because more than likely he
won't get in. However its becoming annoying because he's getting the
log filled up to a ridiculous quantity.
Has anyone got any suggestions I'm tempted to just list his ip and just
do a drop using iptables however I really don't wanna go down that path.
Is there a register of some sort to cause him issues???
Regards
Marc
More information about the plug
mailing list