[plug] Attempted Intrusions

Bernd Felsche bernie at innovative.iinet.net.au
Wed Oct 20 09:02:24 WST 2004


Marc Wiriadisastra <marc-w at smlintl.com.au> writes:

>I don't know if there is something I can do about this.  Everyday I
>receive a log of ssh attempts and the ip address which is pretty
>straightforward.  However on a daily basis I have ip's that
>obviously are trying to enter my computer that are not supposed to
>and on a daily basis I have sent emails to firms around the world
>to advise them of people trying to access my computer.

>The problem is there is this one ip and I say one who is from China
>that constantly tries to access my network I have sent numerous
>emails to that firm to the abuse email address.  Now for some
>reason I have had no response whether thats because they don't care
>I don't know.  However is there some other way I can put a stop to
>it.  He or she is obviously running a program which spits out
>generic usernames such as root, adm and the like however obviously
>ssh blocks all of those usernames and really I'm not so worried
>about the access because more than likely he won't get in.  However
>its becoming annoying because he's getting the log filled up to a
>ridiculous quantity.

>Has anyone got any suggestions I'm tempted to just list his ip and
>just do a drop using iptables however I really don't wanna go down
>that path. 

Go down that path.

The only other effective means of dealing with the problem are illegal.
In fact; only allow ssh from "trusted" addresses.

You could also write a note to the Chinese consulate and advise them
of you blocking their address ranges and why you are doing it. When
they realize that that could ultimately stop them from doing business
in Australia, they'll send their teams of technical experts around
to the offenders' locations and re-educate them. That'll take some
time; if it happens at all.

>  Is there a register of some sort to cause him issues???

Contact Australian Federal Police if the data you protect is of a
sensitive nature.
-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!




More information about the plug mailing list