on Mon, Dec 06, 2004 at 07:10:03PM +1100, Sam Watkins (swatkins@fastmail.fm) wrote:
> The other thing about ssh attacks is that I feel that I should try to
> contact the people whose server has presumably been taken over and let
> them know that it is attacking other servers.
>
> I did this manually a couple times, but I guess it would be useful to
> have a script to help. (lookup whois and reverse DNS, see if there's
> a webpage hosted on the machine, look for contact email, and draft a
> message to various possible contact emails for me to edit)
>
> I know if my box was comprimised and attacking people, I'd like to
> know about it!
>
> Attacking people's boxen running ssh seems to be a popular passtime at
> the moment, it would be good to have a way to fight back against this
> trend, rather than just protecting our own machines.
>
> Maybe there's some good reason NOT to contact people, I can't think
> why. Might not want to use your canonical email address though!
If you're really interested in doing that sort of reporting, you're
welcome to crib from my SpamTools package (GPL):
http://linuxmafia.com/~karsten/Download/SpamTools.tar.gz
...which does a lot of the "who are the contacts based on a given IP"
logic.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
We're not going to fix this by getting the pilots to be more careful.
- Aviation industry approach to systemic improvement.
Attachment:
signature.asc
Description: Digital signature