Re: Reporting SSH abuse



Dan Pilcheck wrote:
Hello list,

I've been getting a slew of SSH brute forces coming from a university
inside the US over the
past week. Normally I wouldn't even bother with reporting, but I
figured this would be a
chance to clear this up.

Fail2ban bans for 10 hours, and then the login attempts are right
back at it. Repeat.

An email with associated logs, and perhaps a little info from this
side is the best I can come
up with. I suppose there's not much else to report, though.

Is there a 'standard' format to report ssh abuse? Like there is with
vuln reporting?

IMO, I doubt anything will happen, but if it were coming from my
network, I'd like a notification.


Dan,

Honestly that's more than enough. I've had client sites that were doing the same and the notifications were more than ample to at least look into it. A nice note to the person should work; we had a couple in the past where the admin was a complete jerk in letting us know. So personally I'd recommend a screenshot of a log and perhaps just listing the IP and what it's hammering against (ssh in this case). Hope this helps!

-L
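
One way to pull the evidence discussed in this thread (the offending IP, the service, and the matching log lines) out of an sshd log for a report email. This is an added example, not part of the original posts: the log lines are constructed, the addresses come from documentation ranges, and the function names and `timezone` parameter are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog style; IPs are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:07 host sshd[4121]: Failed password for root from 192.0.2.45 port 51122 ssh2
Mar  3 02:14:09 host sshd[4121]: Failed password for invalid user admin from 192.0.2.45 port 51124 ssh2
Mar  3 02:14:12 host sshd[4130]: Accepted publickey for dan from 198.51.100.7 port 40022 ssh2
Mar  3 12:31:40 host sshd[5210]: Failed password for invalid user test from 192.0.2.45 port 38810 ssh2
Mar  3 12:40:02 host sshd[5302]: Failed password for root from 203.0.113.9 port 60001 ssh2
"""

# Matches only failed password attempts; successful logins are ignored.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Group failed sshd password attempts by source IP."""
    by_ip = defaultdict(lambda: {"count": 0, "users": set(), "lines": []})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        entry = by_ip[m["ip"]]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["lines"].append(line)  # keep the raw line as evidence
    return dict(by_ip)

def build_report(ip, entry, timezone="UTC", max_lines=20):
    """Plain-text body: source IP, service, time window, raw log excerpt."""
    first = FAILED.match(entry["lines"][0])["ts"]
    last = FAILED.match(entry["lines"][-1])["ts"]
    return "\n".join([
        f"Source IP: {ip}",
        "Service targeted: SSH",
        f"Failed logins: {entry['count']} between {first} and {last} ({timezone})",
        f"Usernames tried: {', '.join(sorted(entry['users']))}",
        "Log excerpt:",
        *entry["lines"][:max_lines],
    ])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    worst = max(summary, key=lambda ip: summary[ip]["count"])
    print(build_report(worst, summary[worst]))
```

Stating the timezone of the timestamps lets the remote admin line the excerpt up against their own logs.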
