[Techtalk] Who to complain to?
David Sumbler
david at aeolia.co.uk
Wed Nov 3 22:00:44 EST 2004
I run sshd on my Fedora Core 2 box. Most mornings I check my root
mail and /var/log/secure files to see who, if anyone, has been trying
unauthorized log-ins.
Beacuse these occur so often, I've started fighting back by e-mailing
the ISP or whoever who supplies the offending IP, and I've had a
couple of gratifying results where accounts have been terminated as a
result.
But who do I contact in a case like this? This morning over a 54
minute period there were 827 attempted log-ins, including 818 attempts
to log into the 'root' account. (I'm not too worried: 'root' isn't an
"allowed user", and in any case I think my passwords are pretty
secure.)
When I do a "whois" on the offending IP, all I get is:
[Querying whois.arin.net]
[whois.arin.net]
Pac Bell Internet Services PBI-NET-7 (NET-63-192-0-0-1)
63.192.0.0 - 63.207.255.255
County of Santa Cruz SBCIS990913-81 (NET-63-194-190-0-1)
63.194.190.0 - 63.194.190.255
# ARIN WHOIS database, last updated 2004-11-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
How do I find out more, and, specifically, who to complain to about
this antisocial behaviour? Incidentally, I'm not clear how to follow
the advice on the last line of the above.
David
--
More information about the Techtalk
mailing list