Security Basics mailing list archives

Re: Reporting SSH abuse

From: Greg R <grrubin () gmail com>
Date: Wed, 10 Mar 2010 15:10:19 -0800


The group I'm with wants:
Logs
Src ips
Dst ips or network
Timestamps
Timezone
Your contact information

Greg


On Mar 9, 2010, at 1:47 PM, Liquid <liquid () gh0st net> wrote:

Dan Pilcheck wrote:
Hello list,

I've been getting a slew of SSH brute forces coming from a university
inside the US over the
past week. Normally I wouldn't even bother with reporting, but I
figured this would be a
chance to clear this up.

Fail2ban bans for 10 hours, and then the login attempts area right
back at it. Repeat.

An email with associated logs, and perhaps a little info from this
side is the best I can come
up with. I suppose there's not much else to report, though.

Is there a 'standard' format to report ssh abuse? Like there is with
vuln reporting?

IMO, I doubt anything will happen, but if it were coming from my
network, I'd like a notification.
Dan,
Honestly thats more than enough. I've had client sites that weredoing the same and the notifications were more than ample to atleast look into it. A nice note to the person should work, we had acouple in the past where the admin was a complete jerk in letting usknow. So personally I'd recommend a screenshot of a log and perhapsjust listing the IP and what its hammering against. (ssh in thiscase). Hope this helps!
-L
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needsan SSL certificate. We look at how SSL works, how it benefits yourcompany and how your customers can tell if a site is secure. Youwill find out how to test, purchase, install and use a thawteDigital Certificate on your Apache web server. Throughout, bestpractices for set-up are highlighted to help you ensure efficientongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Reporting SSH abuse Dan Pilcheck (Mar 09)
- Re: Reporting SSH abuse Liquid (Mar 10)
  - Re: Reporting SSH abuse Greg R (Mar 15)
- RE: Reporting SSH abuse Dan Lynch (Mar 10)
  - Re: Reporting SSH abuse Feeyo|NixDevs (Mar 15)
- Re: Reporting SSH abuse James Bensley (Mar 10)
  - Re: Reporting SSH abuse Chris Lyon (Mar 15)
- Re: Reporting SSH abuse mgk (Mar 19)