What does a responsible admin do if ...
David Wolfskill
david at catwhisker.org
Mon May 14 05:20:54 PDT 2007
... undesirable behavior is seen from a netblock for which there is no
email contact information?
Granted, this isn't likely a scenario where "one size (approach)
fits all," but the prospect of reading log entries -- and this was
for over 3800 attempts to logiin to my SSH server over a 5-hour
interval -- over the phone would appear to be daunting under the
best of circumstances, and for one with as strong an antipathy for
telephones as I have, it would be torture. Oh, yeah: I have 2 log
entries per attempt (one from the packet filter; the other from the SSH
daemon).
And since the hypothetical phone call would be to a different country,
that decreases the appeal significantly. Well, that, as well as me not
being conversant in the dominant languages in the country in question
(though I admit I have a friend who is conversant in at least one of
those).
(The IP address in question was 213.176.96.5. I expect that folks with
sufficient interest can find out more about it.)
I've taken a certain degree of evasive action, but I'll not disclose its
nature just yet, so as to avoid skewing responses. :-}
Peace,
david
--
David H. Wolfskill david at catwhisker.org
Believe SORBS at your own risk: 63.193.123.122 has been static since Aug 1999.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://www.baylisa.org/pipermail/baylisa/attachments/20070514/ff9612da/attachment.bin>
More information about the Baylisa
mailing list