[Dshield] reporting to BT is a waste of time

Mark Rowlands mark.rowlands at minmail.net
Fri Jun 14 18:49:31 GMT 2002


On Friday 14 June 2002 7:26 pm, John Groseclose wrote:
> * Frank Rizzo <frankrizzocalled at hotmail.com> [020614 09:19]:
> > For weeks I have had this lil' ba$tard trying to crack my members area.
> > He's slipping up a few times because the x-forwarded-for is giving away
> > his IP address (I sometimes see his client_ip address as btinternet too).
> >
> > So every time there is an attack I send to abuse at btinternet.com or bt.net
> > whichever the whois tells me to.

At the risk of generating more irritation than you obviously already have
... :-)

Are you reporting the appropriate information? ...... time with timezone, src 
and destination, a packet dump is nice too. Are you sure it is actually an 
attack?  Does dshield implicate the little feller in any other activities?


> In cases like this, I assume you're seeing the attack coming through
> someone's proxy server.
>
> Block the proxy. Whether you do this at the firewall, or at the local
> machine via ipfilter, ipchains, iptables, whatever, just block it.
>
> If you want to get creative, set up a local redirect on your webserver to
> redirect incoming connections from the open proxies to another page -
> "Access denied - open proxy."
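
The report fields asked about above (time with timezone, source and destination), pulled from web-server logs, as an added example that is not part of the original thread. The log format with X-Forwarded-For as a trailing quoted field, the destination string and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines: Apache combined format with X-Forwarded-For
# appended as a final quoted field (an assumed LogFormat). Addresses are
# documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = '''\
192.0.2.10 - - [14/Jun/2002:09:01:12 -0700] "GET /members/ HTTP/1.0" 401 401 "-" "Mozilla/4.0" "198.51.100.7"
192.0.2.10 - - [14/Jun/2002:09:01:13 -0700] "GET /members/ HTTP/1.0" 401 401 "-" "Mozilla/4.0" "198.51.100.7"
192.0.2.10 - - [14/Jun/2002:09:01:15 -0700] "GET /members/ HTTP/1.0" 401 401 "-" "Mozilla/4.0" "-"
203.0.113.5 - bob [14/Jun/2002:09:02:00 -0700] "GET /members/ HTTP/1.0" 200 5120 "-" "Mozilla/4.0" "-"
'''

LINE_RE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"')

def summarize(log_text, dest="www.example.org:80", path_prefix="/members"):
    """Group 401 responses under path_prefix by (peer, X-Forwarded-For)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "401":
            continue
        parts = m["req"].split()
        if len(parts) < 2 or not parts[1].startswith(path_prefix):
            continue
        # Parse with the logged zone offset, then normalise to UTC for the report.
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        groups[(m["peer"], m["xff"])].append(ts)
    report = []
    for (peer, xff), times in sorted(groups.items()):
        report.append({
            "source": peer,            # address that connected to us (the proxy)
            "forwarded_for": xff,      # client-supplied header: a lead, not proof
            "destination": dest,       # hypothetical placeholder for the server
            "first_seen": min(times).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "last_seen": max(times).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "attempts": len(times),
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```
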
