[plug] Attempted Intrusions

Shayne O'Neill shayne at guild.murdoch.edu.au
Wed Oct 20 14:09:26 WST 2004 

"reeducation".

Oh man, please dont.

As shitty as hackers are, I fear the chinese govts reaction to them would
be grossly out of proportion.

Best not get some poor kid shot.

--
"Well, I think if you say you're going to do something and don't do
it, that's trustworthiness."
-- George Bush on CNN online chat, Aug.30, 2000
RIAA Copyright notice trap: http://guild.murdoch.edu.au/~shayne/

On Wed, 20 Oct 2004, Bernd Felsche wrote:

> Marc Wiriadisastra <marc-w at smlintl.com.au> writes:
>
> >I don't know if there is something I can do about this.  Everyday I
> >receive a log of ssh attempts and the ip address which is pretty
> >straightforward.  However on a daily basis I have ip's that
> >obviously are trying to enter my computer that are not supposed to
> >and on a daily basis I have sent emails to firms around the world
> >to advise them of people trying to access my computer.
>
> >The problem is there is this one ip and I say one who is from China
> >that constantly tries to access my network I have sent numerous
> >emails to that firm to the abuse email address.  Now for some
> >reason I have had no response whether thats because they don't care
> >I don't know.  However is there some other way I can put a stop to
> >it.  He or she is obviously running a program which spits out
> >generic usernames such as root, adm and the like however obviously
> >ssh blocks all of those usernames and really I'm not so worried
> >about the access because more than likely he won't get in.  However
> >its becoming annoying because he's getting the log filled up to a
> >ridiculous quantity.
>
> >Has anyone got any suggestions I'm tempted to just list his ip and
> >just do a drop using iptables however I really don't wanna go down
> >that path.
>
> Go down that path.
>
> The only other effective means of dealing with the problem are illegal.
> In fact; only allow ssh from "trusted" addresses.
>
> You could also write a note to the Chinese consulate and advise them
> of you blocking their address ranges and why you are doing it. When
> they realize that that could ultimately stop them from doing business
> in Australia, they'll send their teams of technical experts around
> to the offenders' locations and re-educate them. That'll take some
> time; if it happens at all.
>
> >  Is there a register of some sort to cause him issues???
>
> Contact Australian Federal Police if the data you protect is of a
> sensitive nature.
> --
> /"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
> \ /  ASCII ribbon campaign | I'm a .signature virus!
>  X   against HTML mail     | Copy me into your ~/.signature
> / \  and postings          | to help me spread!
>
> _______________________________________________
> PLUG discussion list: plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>

More information about the plug mailing list