Network attack - so what?


Login or Register for Dates, Times and to Reply

 
Thread Tools Search this Thread
# 1  
Network attack - so what?

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else?
# 2  
I would want to block the known attacking IP(s) on the firewall at the gateway into the network and the node that is being attacked.
# 3  
If it was a hijack attempt, maybe let Spamhaus know.

The Spamhaus Project
# 4  
You should block those IPs using firewall.
  • You should constantly monitor the log, and append your block list with the new IPs that attacks.
  • Or allow only the IPs that are expected.
You should have strong password for root login, if that is ssh attack. Or even you can think about locking the root account, and use some sudo account to do the administration and be in the safer side.
# 5  
While the advises above are valuable, I can also vote for contacting Spamhaus for such issues, if deemed they are proper for their activity. Having worked as Security and Abuse administrator, I can only say I was pleased to work with Spamhaus for a few years, but like I said, it will depend on the type of attack.
# 6  
Quote:
Originally Posted by Action
In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else?
This question cannot be answered unless you describe the nature of the attack.

Your question is so vague, that we have no idea, really what you are talking about. A web attack? An SSH login attempt? A simple scan? Spam? What kind of attack?

Why would you ask such a question without providing any details and expect to get a useful answer?
# 7  
Quote:
Originally Posted by Neo
This question cannot be answered unless you describe the nature of the attack.

Your question is so vague, that we have no idea, really what you are talking about. A web attack? An SSH login attempt? A simple scan? Spam? What kind of attack?

Why would you ask such a question without providing any details and expect to get a useful answer?
Sorry.
To provide more details, with "attack" i meant SSH brute force - somebody tries to login as "Administrator" or with other users over SSH for many times. I think the IPs are always dynamic. To spam, what do you think of offers on the Web to subscribe for spam and of using it to spam spammers? Using email aliases, it would be possible. And, i didn't know (email) spam is considered as an attack.
To make my question in the first posting more precise: did I understand it right that for an attacker there will be no consequences?
Login or Register for Dates, Times and to Reply

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

7 More Discussions You Might Find Interesting

1. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies

2. Cybersecurity

UUCP attack?

Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning: What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies

3. Cybersecurity

Found attack from

Hi, I have a belkin router installed and a look at the security log has got me worried a little bit. Security log: Fri Jan 29 20:41:46 2010 =>Found attack from 68.147.232.199. Source port is 58591 and destination port is 12426 which use the TCP protocol. Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies

4. Cybersecurity

What I think is a DoS attack

About 3 days ago our Apache logs started filling with the following errors: mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows) OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies

5. IP Networking

Bizzare network attack?

A server I host is having very rare glitches where a file the user downloads will have incorrect contents. This almost never happens when I am looking, I caught it once and only once -- a user messaged me saying his antivirus had given him a warning about an image file downloaded from his... (2 Replies)
Discussion started by: Corona688
2 Replies

6. Cybersecurity

Replay Attack

REPLAY ATTACK. Can some one elobrate on measures to encounter this problem of replay atack on network. (3 Replies)
Discussion started by: Ashvin Gaur
3 Replies

7. UNIX for Dummies Questions & Answers

Bruteforce attack on my pc

since putting my pc online, it keeps getting slower and i dig the logfile to have such a surprise: this is just one of a many and I beleived it's a bruteforce attack how do i block this IP 200.41.81.228 from trying to knock my online pc? my system: FreeBSD testing.net 6.2-STABLE-JE... (6 Replies)
Discussion started by: rdns
6 Replies

Featured Tech Videos