Full Discussion: Network attack - so what?
Special Forums Cybersecurity Network attack - so what? Post 302387272 by sysgate on Friday 15th of January 2010 04:28:25 AM
It depends. Back in the days when I was dealing with hundreds of spammers and attackers as a security officer, I even saw people ending up in jail. But again, it will depend on the ISP / Enterprise, the local laws - California may be different than, let's say, Arizona, though they are neighbors, and especially the way you report the attacks / spam messages. Both Spamcop.net and Spamhaus.org do a pretty good job in providing cooperation to network / abuse admins through automated mail systems. There's a risk, however - some or all of the IP addresses may indeed be legitimate, but the attack itself deploys forged addresses injected directly into TCP packets.
Nevertheless, all spam messages fall under the CAN SPAM ACT 2003.
As for the SSHD attacks, you may consider this general advice, deploy sshdfilter or implement SSHBL.
HTH.
 

MERGELOGS(1)                General Commands Manual                MERGELOGS(1)

NAME
       mergelogs - merge and consolidate web server logs

SYNOPSIS
       mergelogs -p penlog [-c] [-d] [-j jitter] [-t seconds] server1:logfile1 [server2:logfile2 ...]

EXAMPLES
       mergelogs -p pen.log 10.0.0.1:access_log.1 10.0.0.2:access_log.2

       mergelogs -p pen.log 10.0.18.6:access_log-10.0.18.6 10.0.18.8:access_log-10.0.18.8

DESCRIPTION
       When pen is used to load balance web servers, the web server log file
       lists all accesses as coming from the host running pen. This makes it
       more difficult to analyze the log file.

       To solve this, pen creates its own log file, which contains the real
       client address, the time of the access, the target server address and
       the first few bytes of the requests.

       Mergelogs reads pen's log file and the log files of all load balanced
       web servers, compares each entry and creates a combined log file that
       looks as if the web server cluster were a single physical server.
       Client addresses are replaced with the real client addresses.

       In the event that no matching client address can be found in the pen
       log, the server address is used instead. This should never happen, and
       is meant as a debugging tool. A large number of these indicates that
       the server system date needs to be set, or that the jitter value is
       too small.

       You probably don't want to use this program. Penlog is a much more
       elegant and functional solution.

OPTIONS
       -c     Do not cache pen log entries. The use of this option is not
              recommended, as it will make mergelogs search the entire pen
              log for every line in the web server logs.

       -d     Debugging (repeat for more).

       -p penlog
              Log file from pen.

       -j jitter
              Jitter in seconds (default 600). This is the maximum variation
              in time stamps in the pen and web server log files. A smaller
              value will result in a smaller pen log cache and faster
              processing, at the risk of missed entries.

       -t seconds
              The difference in seconds between the time on the pen server
              and UTC. For example, this is 7200 (two hours) in Finland.

       server:logfile
              Web server address and name of log file.

AUTHOR
       Copyright (C) 2001-2003 Ulric Eriksson, <ulric@siag.nu>.

SEE ALSO
       pen(1), webresolve(1), penlog(1), penlogd(1)

LOCAL                                                              MERGELOGS(1)