Login attacks

Nathaniel Hall halln at otc.edu
Tue Dec 7 23:17:32 UTC 2004


Yes, I have actually received responses.  Not from China or Korea 
though, only from the US.  I will correct myself.  I said I contact the 
ISPs.  What I actually end up doing is contacting the company unless  I 
cannot associate the address to a company, in which I contact the ISP.

Like I said though, once I have seen attempts from a range of ip 
addresses owned by the same company or ISP three or more times, I block 
the entire range.  This prevents any more attempts.

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln at otc.edu
417-447-7535



Eucke Warren wrote:

>>----- Original Message ----- 
>>From: Nathaniel Hall
>>To: For users of Fedora Core releases
>>Sent: Tuesday, December 07, 2004 2:52 PM
>>Subject: Re: Login attacks
>>
>>
>>I see attempts about every other day.  Because of this, I send e-mails to
>>    
>>
>ISPs about every other day.
>
>Ok, this brings up a question I have.  I, too, have emailed the responsible
>parties for the offending addresses.  Korea and China usually are the
>countries from which the IP addresses are allocated.  Has ANYONE ever
>received a  reply back?  I never have.  I am beginning to suspect that the
>attacks are done with the tacit approval of those networks.
>
>  
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041207/99486855/attachment-0001.htm>


More information about the fedora-list mailing list