[Intrusions] SSH brute forcers

[Affeld, James]

I like what Gadi Evron is doing with the drone armies report on Bugtraq.  It includes an ISP praise/shame section.  

I don't know that I'm ready to blacklist an ISP for this indifference, but some of the smaller hosting companies - definitely.  And being on the List might get some attention/action.  

-----Original Message-----
From: C.J. Steele, CISSP [mailto:coreyjsteele at yahoo.com]
Sent: Friday, June 10, 2005 3:07 PM
To: Intrusions List (GCIA Practicals)
Subject: Re: [Intrusions] SSH brute forcers


I'm actually thinking about that.  I was thinking of doing a web-based
feed-back option to report hosts and the number of attacks they have
been responsible for and then doing ranking based on IP and/or netblock
and/or domain name.

Thoughts?

Cheers,
-C

--- EBIOS SysOp <ebios at ebios.wnaft.agh.edu.pl> wrote:

> Hello
> 
> When talking about ISPs and their misbehaving clients - what about
> blacklisting ISPs, or a ranking them according to their professional
> response when alerted about abusers coming out of their IP space?
> Any bad/good feelings about it ?
> 
> 
> Best regards
> Wojciech Królik
> 
> On Thu, 2 Jun 2005, Smith, Donald wrote:
> 
> >
> > Most of us do. I can not speak for all ISPs nor even for qwest.
> > But here are some general comments.
> >
> > Most dynamic IPs are tracked back to an account not a MAC.
> > To do that we need the ip, logs (proof) and time stamps with
> Timezone
> > info.
> >
> > Depending on the ISP's AUP users may get several warnings before
> being
> > disabled.
> > Depending on the ISP's abuse staff load this might take a day or
> two.
> >> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
> 


--
C.J. Steele, CISSP <coreyjsteele at yahoo.com>
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions