Hi all, following almost all security relevant problems, one of my machines got exploited last week. After i fixed this hole, my firewall now repeated the same trials from the same source on other machines which are already protected against this attack. The person on the other side retries and retries. It's a uk-source, I'm in Germany. What can I do?- Is there any "global police department" for this? Thanks for help Martin
Contact the people responsible for the IP the attach originated from. Check their website and WHOIS information, to see if they have an abuse contact. If they don't, abuse@domain.com is normally a good bet, failing that try postmaster@domain.com - any domain setup to accept mail should have that, if nothing else, the recipient of that mail would be able to forward the mail to the right person. If it's an ISP, the attacker is bound to be in breach of their acceptable use policy, if it's some other sort of organisation, they will have an equivalent policy. The thing is - don't be surprised if you receive no reply, or only an automated one, especially if it's a large company or organisation. Kind regards James
following almost all security relevant problems, one of my machines got exploited last week. After i fixed this hole, my firewall now repeated the same trials from the same source on other machines which are already protected against this attack. The person on the other side retries and retries. It's a uk-source, I'm in Germany. What can I do?- Is there any "global police department" for this? -- James Ogley, Unix Systems Administrator, Pinnacle Insurance Plc james.ogley@pinnacle.co.uk www.pinnacle.co.uk +44 (0) 20 8731 3619 Using Free Software since 1994, running GNU/Linux (SuSE 8.0) Updated GNOME RPMs for SuSE Linux: www.usr-local-bin.org
*********************************************************************** CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Pinnacle Insurance Plc. If you have received this e-mail in error please immediately notify our Helpdesk on +44 (0) 20 8207 9555. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **********************************************************************
On 17 May 2002 09:54:45 +0100
James Ogley
Contact the people responsible for the IP the attach originated from.
Check their website and WHOIS information, to see if they have an abuse contact.
Also, don't forget to include a log file of the attack and your timezone. Charles -- "Are [Linux users] lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software?" (By Matt Welsh)
participants (3)
-
Charles Philip Chan
-
James Ogley
-
Martin Gudel