Re: What to do with attackers?

To: Thomas <jade@ares.dyndns.biz>
Cc: debian-user@lists.debian.org
Subject: Re: What to do with attackers?
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Fri, 4 Nov 2005 03:52:23 -0800 (PST)
Message-id: <[🔎] Pine.LNX.3.96.1051104034656.30784A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 436B4319.4010805@ares.dyndns.biz>

On Fri, 4 Nov 2005, Thomas wrote:

> recently, i can see ofthen brute force attacks in my ssh logfile.
> A friend of mine, who has the same ISP gets the same bruteforce attacks.
> 
> What would be an adequate reaction to repeated ssh bruteforce attacks?

you should "know" if and that your systems are 99% secure as is 

	- proving it to yourself or against the attackers is a 
	separate problem

you should have all your "important" data backed up elsewhere
where you can guarantee with 100% accuracy you can restore any
file to any date and time

> Should i contact the owner of the attackers ip address?

if you like ..

> Should i do something else?

if you like .. tons of other things ... like "do your own real work"
and not worry too much about the free audits unless you're not sure
about the security of ALL your systems and data :-)

--------

in my world... the attackers is 100% successful if they take more
than a minute or two of my time including checking log files
and who they are etc..etc.. unless that is the actual tasks
i'm supposed to be doing at the time and being paid for tracking
them down

c ya
alvin

Reply to:

References:
- What to do with attackers?
  - From: Thomas <jade@ares.dyndns.biz>

Prev by Date: Re: image library manager recomendation
Next by Date: Re: cannot get into X - after testing dist-upgrade 11-03-05
Previous by thread: Re: What to do with attackers?
Next by thread: Re: What to do with attackers?
Index(es):
- Date
- Thread