Hi all, for about two days now I'm seeing an extremely high number of apparently coordinated (well, at least they are trying the same list of usernames) brute force attempts from IP addresses spread all over the world. I've had denyhosts and an additional iptables based firewall solution in place to mitigate these for quite some time already, and this seems to do the trick in terms of blocking them fairly quickly. Nevertheless, I'd like to do something about it more proactively, so I also contact the abuse mailboxes as obtained from whois. From time to time I do even see responses stating that countermeasures have been taken.

In the current case, however, there rather seems to be a need for some more coordinated action instead of contacting the ISPs for each single IP -- this host might get blocked/shut down, but there is little hope of a more thorough investigation, trying to get closer to the root of these attacks. Well, probably I'm pretty naive in hoping that one could do anything about that at all, but maybe some of you are more experienced in security issues/dealing with CERTs, etc. and have some ideas about what could be done. Further, what do you guys do about such attacks? Just sit back and hope they don't get hold of any passwords? Any ideas are welcome...

Thanks, Michael
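The post observes that the sources look coordinated because they all try the same list of usernames, and that abuse reports are currently written per IP by hand. The following script is an added example (not the poster's tooling and not part of denyhosts) that turns those two observations into something repeatable: it parses the standard OpenSSH "Failed password" lines from an auth log, groups source IPs by the exact username sequence they tried, and produces a per-IP summary suitable for an abuse report. The log lines embedded below are constructed sample data using documentation address ranges; the log format assumed is the one OpenSSH writes via syslog on Linux.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample auth.log excerpt (not real data). Three sources walk the
# same username list; a fourth is an ordinary user who mistyped a password.
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 02:11:04 host sshd[4123]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Mar  3 02:11:08 host sshd[4125]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 02:12:15 host sshd[4130]: Failed password for invalid user admin from 198.51.100.23 port 40110 ssh2
Mar  3 02:12:19 host sshd[4132]: Failed password for invalid user test from 198.51.100.23 port 40118 ssh2
Mar  3 02:12:22 host sshd[4134]: Failed password for root from 198.51.100.23 port 40125 ssh2
Mar  3 02:13:40 host sshd[4140]: Failed password for invalid user admin from 192.0.2.55 port 33001 ssh2
Mar  3 02:13:44 host sshd[4142]: Failed password for invalid user test from 192.0.2.55 port 33009 ssh2
Mar  3 02:13:47 host sshd[4144]: Failed password for root from 192.0.2.55 port 33017 ssh2
Mar  3 02:20:02 host sshd[4150]: Failed password for michael from 192.0.2.99 port 22890 ssh2
Mar  3 02:20:09 host sshd[4152]: Accepted publickey for michael from 192.0.2.99 port 22890 ssh2
"""

# Matches the OpenSSH failure line; "invalid user" is present only when the
# account does not exist on the host, so it is optional here.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

Attempt = Tuple[str, str, str]  # (timestamp, source ip, username)


def parse_failures(log_text: str) -> List[Attempt]:
    """Extract (timestamp, ip, user) for every failed password line, in log order."""
    attempts = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            attempts.append((m.group("ts"), m.group("ip"), m.group("user")))
    return attempts


def usernames_by_ip(attempts: List[Attempt]) -> Dict[str, List[str]]:
    """Ordered list of usernames each source IP tried."""
    users = defaultdict(list)
    for _, ip, user in attempts:
        users[ip].append(user)
    return dict(users)


def find_coordinated(attempts: List[Attempt], min_sources: int = 2) -> Dict[Tuple[str, ...], List[str]]:
    """Group source IPs that tried the identical username sequence.

    Several unrelated IPs walking the same list in the same order is the
    signal the poster describes; a single IP with a unique list is not.
    """
    by_sequence = defaultdict(list)
    for ip, users in usernames_by_ip(attempts).items():
        by_sequence[tuple(users)].append(ip)
    return {seq: sorted(ips) for seq, ips in by_sequence.items() if len(ips) >= min_sources}


def abuse_summary(attempts: List[Attempt], ip: str) -> str:
    """Plain-text summary for one source IP, as one would paste into an abuse report."""
    mine = [a for a in attempts if a[1] == ip]
    if not mine:
        return f"no failed logins recorded from {ip}"
    first, last = mine[0][0], mine[-1][0]
    users = sorted({a[2] for a in mine})
    return (f"{ip}: {len(mine)} failed SSH logins between {first} and {last} "
            f"(host clock, see log excerpt); usernames tried: {', '.join(users)}")


if __name__ == "__main__":
    attempts = parse_failures(SAMPLE_LOG)
    for seq, ips in find_coordinated(attempts).items():
        print(f"username sequence {seq} seen from {len(ips)} sources:")
        for ip in ips:
            print("  " + abuse_summary(attempts, ip))
```

Running it against a real `/var/log/auth.log` (read the file instead of `SAMPLE_LOG`) gives one cluster per shared username sequence; everything inside a cluster can go into one report per ISP, with the timestamps and host timezone included so the abuse desk can match the activity on its side. The `Accepted publickey` line is deliberately left out by the regex, so legitimate key-based logins never appear in a report.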