[Dshield] reporting to BT is a waste of time
mark.rowlands at minmail.net
Fri Jun 14 18:49:31 GMT 2002
On Friday 14 June 2002 7:26 pm, John Groseclose wrote:
> * Frank Rizzo <frankrizzocalled at hotmail.com> [020614 09:19]:
> > For weeks I have had this lil' ba$tard trying to crack my members area.
> > He's slipping up a few times because the x-forwarded-for is giving away
> > his IP address (I sometimes see his client_ip address as btinternet too).
> > So everytime there is an attack I send to abuse at btinternet.com or bt.net
> > whichever the whois tells me too.
At the risk of generating more irritation than you obviously already have
Are you reporting the appropriate information? ...... time with timezone, src
and destination, a packet dump is nice too. Are you sure it is actually an
attack? Does dshield implicate the little feller in any other activities?
> In cases like this, I assume you're seeing the attack coming through
> someone's proxy server.
> Block the proxy. Whether you do this at the firewall, or at the local
> machine via ipfilter, ipchains, iptables, whatever, just block it.
> If you want to get creative, set up a local redirect on your webserver to
> redirect incoming connections from the open proxies to another page -
> "Access denied - open proxy."
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list