[olug] Attacked by Romanian Script Kiddies

Will Langford unfies at gmail.com
Tue Oct 24 16:56:46 UTC 2006


We've been hit by a bunch of random brute force attempts (ssh stuff) about
twice a day every day for the last 18 months.  Some of the attempts appear
to have come from compromised machines (I recall an ITT place in texas a
while back)... so..... yeah.

dshield might be about the only thing you can do, assuming it emails the
isp's.

There's also lots of firewall scripts that are reactive in nature.

-Will

On 10/24/06, Charles Bird <cbird at mail.datar8.com> wrote:
>
> I see, I like that.
> The IP just changed again. I sent in a report of most of the logging that
> I had going on at that time.
> For now (the next 12 hours)I am thinking I'll just drop their whole IP
> range.
>
>
> Thx for info.
>
>
>
> > Personally, I joined Dshield. http://www.dshield.org/
> > The have a free log parser that automagically sends offending ips to
> their
> > database and generated cease/desist emails for you.
> >
> > Andy.
> >
> > On 10/24/06, Charles Bird <cbird at mail.datar8.com> wrote:
> >>
> >> I have alot of packets coming thru going to a particular host. From
> >> Romania.
> >> 86.123.164.172
> >> 86.125.202.56
> >> are the main ones, sending garbage and syn.
> >> This happened yesterday from Romanian IPs as well, the IPs were added
> to
> >> iptables i just drop em.
> >> I am assuming these are dynamic IPs and the lease expired and the
> attack
> >> carried on.
> >> What can I do to turn in these a**h*les?
> >> What should i provide to abuse at whatever their ISP is?
> >> No one is gonna comprimise my uptime. arg
> >>
> >> _______________________________________________
> >> OLUG mailing list
> >> OLUG at olug.org
> >> http://lists.olug.org/mailman/listinfo/olug
> >>
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> >
>
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>



More information about the OLUG mailing list