on Mon, Dec 06, 2004 at 07:10:03PM +1100, Sam Watkins (swatkins@fastmail.fm) wrote:
> The other thing about ssh attacks is that I feel that I should try to
> contact the people whose server has presumably been taken over and let
> them know that it is attacking other servers.
>
> I did this manually a couple times, but I guess it would be useful to
> have a script to help. (lookup whois and reverse DNS, see if there's
> a webpage hosted on the machine, look for contact email, and draft a
> message to various possible contact emails for me to edit)
>
> I know if my box was compromised and attacking people, I'd like to
> know about it!
>
> Attacking people's boxen running ssh seems to be a popular pastime at
> the moment, it would be good to have a way to fight back against this
> trend, rather than just protecting our own machines.
>
> Maybe there's some good reason NOT to contact people, I can't think
> why. Might not want to use your canonical email address though!

If you're really interested in doing that sort of reporting, you're
welcome to crib from my SpamTools package (GPL):

http://linuxmafia.com/~karsten/Download/SpamTools.tar.gz

...which does a lot of the "who are the contacts based on a given IP"
logic.

Peace.

--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
 We're not going to fix this by getting the pilots to be more careful.
 - Aviation industry approach to systemic improvement.
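
The lookup-and-draft workflow discussed in this thread, sketched as an added example; it is not code from SpamTools or from either poster. The function names, the sample whois text, the log line and all addresses are constructed for illustration, and the whois output and reverse-DNS name are passed in as strings so the script runs offline.

```python
import re
from email.message import EmailMessage

# Constructed whois reply for a documentation address range (not real data).
SAMPLE_WHOIS = """\
% constructed registry comment: contact hostmaster@registry.example
inetnum:        192.0.2.0 - 192.0.2.255
OrgAbuseEmail:  abuse@example.net
e-mail:         noc@example.net
remarks:        send abuse reports to abuse@example.net
"""
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def contacts_from_whois(text):
    """Addresses found in whois text: abuse-labelled lines first, no duplicates."""
    abuse, other = [], []
    for line in text.splitlines():
        if line.startswith(("%", "#")):  # registry boilerplate, not the network's contacts
            continue
        bucket = abuse if "abuse" in line.lower() else other
        for addr in map(str.lower, EMAIL_RE.findall(line)):
            if addr not in abuse + other:
                bucket.append(addr)
    return abuse + other

def guess_contacts(rdns):
    """Fallback: RFC 2142 role mailboxes at the reverse-DNS name's domain."""
    domain = ".".join(rdns.rstrip(".").split(".")[-2:])  # naive; wrong for co.uk-style suffixes
    return [f"abuse@{domain}", f"postmaster@{domain}"]

def draft_report(ip, rdns, whois_text, log_lines, sender):
    """Build a draft for a human to edit; nothing here sends mail."""
    to = contacts_from_whois(whois_text) or (guess_contacts(rdns) if rdns else [])
    msg = EmailMessage()
    msg["From"] = sender
    if to:
        msg["To"] = ", ".join(to)
    msg["Subject"] = f"Repeated failed SSH logins from {ip}"
    msg.set_content(
        f"Hello,\n\nOur sshd logged repeated failed logins from {ip}"
        + (f" ({rdns})" if rdns else "")
        + ".\nThe machine may have been taken over. Log excerpt:\n\n"
        + "\n".join(log_lines) + "\n")
    return msg

if __name__ == "__main__":
    # Constructed log line; live use would pass `whois <ip>` output and
    # socket.gethostbyaddr(ip)[0] instead of these literals.
    log = ["Dec  6 08:10:03 myhost sshd[1234]: Failed password for root from 192.0.2.10 port 4242 ssh2"]
    print(draft_report("192.0.2.10", "host7.example.net", SAMPLE_WHOIS, log, "reports@example.org"))
```

Passing a dedicated reporting address as `sender` covers the point raised above about not using your canonical email address.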