[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh-rbl's Re: intrusion via ssh

Am 2005-04-01 01:00:34, schrieb Alvin Oga:
> hi ya michelle

> probably not ... liek any other isp

And this is why I collect all IPs by country and if I get to
much from Germany or France I give it to the Justice...

But I hit the ISP and the $CRACKER in the same time.
I was already several times successful.

> i think it's probably time to add all the ip# from all the 
> isp's that allow their script kiddies to keep bombarding
> our machines ..

I have already around 400 Blocks of 256 IPs

Curently I setup a new Linux Router for my 4 ADSL Modem-Routers
and I need a IPTABLES rule to block the Blocks...

> some of the machines i baby sit get 1,000 attepts per day too


> ( i just think of it as thanx for the audit and hopefully
> ( my other intruder silent alarms are working too, and they can trip
> ( all over that, than i'd got um .. time to send in the g-men

For two years I have gotten some rootkits which I have modified...
If someone try to CRACK my Computers, my automated Script has
tried to send the ROOTKIT to the other (agresing) Computer...


It was realy successfuly to do a 'cd / ; rm -rf' and something
under Windows similar...  But under Windows it is better to
destroy the FATs, kill the beginning and the end of the partitions
and the Partitiontable plus its backups...

> c ta
> alvin


Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Attachment: signature.pgp
Description: Digital signature

Reply to: