[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Login attacks

Yes, I have actually received responses.  Not from China or Korea though, only from the US.  I will correct myself.  I said I contact the ISPs.  What I actually end up doing is contacting the company unless  I cannot associate the address to a company, in which I contact the ISP.

Like I said though, once I have seen attempts from a range of ip addresses owned by the same company or ISP three or more times, I block the entire range.  This prevents any more attempts.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln otc edu

Eucke Warren wrote:
----- Original Message ----- 
From: Nathaniel Hall
To: For users of Fedora Core releases
Sent: Tuesday, December 07, 2004 2:52 PM
Subject: Re: Login attacks

I see attempts about every other day.  Because of this, I send e-mails to
ISPs about every other day.

Ok, this brings up a question I have.  I, too, have emailed the responsible
parties for the offending addresses.  Korea and China usually are the
countries from which the IP addresses are allocated.  Has ANYONE ever
received a  reply back?  I never have.  I am beginning to suspect that the
attacks are done with the tacit approval of those networks.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]