Login attacks
Nathaniel Hall
halln at otc.edu
Tue Dec 7 23:17:32 UTC 2004
Yes, I have actually received responses. Not from China or Korea
though, only from the US. I will correct myself. I said I contact the
ISPs. What I actually end up doing is contacting the company unless I
cannot associate the address to a company, in which I contact the ISP.
Like I said though, once I have seen attempts from a range of ip
addresses owned by the same company or ISP three or more times, I block
the entire range. This prevents any more attempts.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-447-7535
Eucke Warren wrote:
>>----- Original Message -----
>>From: Nathaniel Hall
>>To: For users of Fedora Core releases
>>Sent: Tuesday, December 07, 2004 2:52 PM
>>Subject: Re: Login attacks
>>
>>
>>I see attempts about every other day. Because of this, I send e-mails to
>>
>>
>ISPs about every other day.
>
>Ok, this brings up a question I have. I, too, have emailed the responsible
>parties for the offending addresses. Korea and China usually are the
>countries from which the IP addresses are allocated. Has ANYONE ever
>received a reply back? I never have. I am beginning to suspect that the
>attacks are done with the tacit approval of those networks.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041207/99486855/attachment-0001.htm>
More information about the fedora-list
mailing list