[SGVLUG] Who is that knocking on my ports?

Alan Horn ahorn at deorth.org
Mon Jan 12 19:08:14 PST 2009


>
>   1) identify the ISP or suitable "owner" of the netblock containing
> the IP address
>   2) for "well known" ISPs, look up their security or "abuse" e-mail
> addresses
>   3) generate, in real time, an e-mail report of the break-in attempt --
> one e-mail per attempt :)
>
> Yes, I intend to "spam" the ISP about what their user(s) are doing.

It's completely not worth it. Just drop them with blocksshd or something 
similar. These botnet attacks are so numerous and distributed that the 
best course right now is just to ignore them and drop the packets on the 
floor. It's a personal choice of course.

Cheers,

Al


