[Intrusions] SSH brute forcers
C.J. Steele, CISSP
coreyjsteele at yahoo.com
Fri Jun 10 22:06:58 GMT 2005
I'm actually thinking about that. I was thinking of doing a web-based
feed-back option to report hosts and the number of attacks they have
been responsible for and then doing ranking based on IP and/or netblock
and/or domain name.
Thoughts?
Cheers,
-C
--- EBIOS SysOp <ebios at ebios.wnaft.agh.edu.pl> wrote:
> Hello
>
> When talking about ISPs and their misbehaving clients - what about
> blacklisting ISPs, or a ranking them according to their professional
> response when alerted about abusers coming out of their IP space?
> Any bad/good feelings about it ?
>
>
> Best regards
> Wojciech Królik
>
> On Thu, 2 Jun 2005, Smith, Donald wrote:
>
> >
> > Most of us do. I can not speak for all ISPs nor even for qwest.
> > But here are some general comments.
> >
> > Most dynamic IPs are tracked back to an account not a MAC.
> > To do that we need the ip, logs (proof) and time stamps with
> Timezone
> > info.
> >
> > Depending on the ISP's AUP users may get several warnings before
> being
> > disabled.
> > Depending on the ISP's abuse staff load this might take a day or
> two.
> >> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
--
C.J. Steele, CISSP <coreyjsteele at yahoo.com>
More information about the Intrusions
mailing list