What can I do about breaking attempts? (clarified) - Security

This is a discussion on What can I do about breaking attempts? (clarified) - Security ; In an earlier thread, I asked what I could do about repeated breakin attempts. The answers pertained to protecting my server. Thanks, but I should have clarified the question: it was really about law enforcement. Who can I report these ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: What can I do about breaking attempts? (clarified)

  1. What can I do about breaking attempts? (clarified)

    In an earlier thread, I asked what I could do about repeated breakin
    attempts. The answers pertained to protecting my server. Thanks, but I
    should have clarified the question: it was really about law enforcement. Who
    can I report these breakin attempts to? And what law enforcement agencies
    are out there that could find and arrest this criminal?

    The question is sufficiently different from the earlier version that I
    thought it worth starting a new thread.



  2. Re: What can I do about breaking attempts? (clarified)

    On Sat, 25 Feb 2006, in the Usenet newsgroup comp.os.linux.security, in article
    <4400e4c0$0$10963$9a6e19ea@news.newshosting.com>, Chris wrote:

    >In an earlier thread, I asked what I could do about repeated breakin
    >attempts. The answers pertained to protecting my server. Thanks, but I
    >should have clarified the question: it was really about law enforcement. Who
    >can I report these breakin attempts to? And what law enforcement agencies
    >are out there that could find and arrest this criminal?


    Are you serious???

    1. There are no Internet Police.
    2. The zombie is most likely in a different jurisdiction
    3. In the USA, can you demonstrate a substantial financial loss (I believe
    the figure is US$5000 for the FBI to become involved), or other violation
    of laws of sufficient importance for a law enforcement agency to get into
    the picture? Do you have information on the system that the laws require
    you to protect?

    >The question is sufficiently different from the earlier version that I
    >thought it worth starting a new thread.


    See that your firewall is working, and ignore the noise.

    Old guy

  3. Re: What can I do about breaking attempts? (clarified)

    On Sat, 25 Feb 2006 17:25:31 -0600, "Chris" wrote:

    >In an earlier thread, I asked what I could do about repeated breakin
    >attempts. The answers pertained to protecting my server. Thanks, but I
    >should have clarified the question: it was really about law enforcement. Who
    >can I report these breakin attempts to? And what law enforcement agencies
    >are out there that could find and arrest this criminal?


    At least your law enforcement will get a good belly-laugh from
    your attitude.

    Do you not lock your front door? car? So why do you leave your
    computer wide open and then complain? Roving gangs of kids are
    looking for something to play with, you are inviting them to
    play with you. Don't like it? Shut the bloody door!

    Take responsibility.

    Grant.
    --
    .... The computer scientist, who had listened to all of this said,
    "Yes, but where do you think the chaos came from?"

  4. Re: What can I do about breaking attempts? (clarified)

    Chris wrote:
    > In an earlier thread, I asked what I could do about repeated breakin
    > attempts. The answers pertained to protecting my server. Thanks, but I
    > should have clarified the question: it was really about law enforcement. Who
    > can I report these breakin attempts to? And what law enforcement agencies
    > are out there that could find and arrest this criminal?


    LOL... this is one of the funniest posts I've seen in a long time

  5. Re: What can I do about breaking attempts? (clarified)

    "Chris" (06-02-25 17:25:31):

    > In an earlier thread, I asked what I could do about repeated breakin
    > attempts. The answers pertained to protecting my server. Thanks, but I
    > should have clarified the question: it was really about law
    > enforcement. Who can I report these breakin attempts to? And what law
    > enforcement agencies are out there that could find and arrest this
    > criminal?
    >
    > The question is sufficiently different from the earlier version that I
    > thought it worth starting a new thread.


    Regarding law it depends on your and the attacker's country. A smart
    attacker doesn't get busted anyway (theoretically it often would be
    possible, but it's expensive also). Many people in the past (including
    very large companies) have counted on law, just to realize that it's a
    big mistake.

    So I can just repeat what Grant has already said. Secure your server
    properly. That's cheap and saves you a lot of trouble.


    Regards.

  6. Re: What can I do about breaking attempts? (clarified)

    Chris wrote:
    > In an earlier thread, I asked what I could do about repeated breakin
    > attempts. The answers pertained to protecting my server. Thanks, but I
    > should have clarified the question: it was really about law enforcement. Who
    > can I report these breakin attempts to? And what law enforcement agencies
    > are out there that could find and arrest this criminal?


    Something like this:
    http://www.dshield.org/
    may be much more suitable for the more general cases (e.g. unsuccessful
    unauthorized breakin attempts).

    I've sent many e-mails (e.g. to the responsible ISP) on such
    incidents. Most of the time one won't even get a response when
    reporting such items. When one does get a response, it's usually a
    canned (but often at least somewhat encouraging) response. Once in a
    while, one gets a more detailed response (e.g. excerpted, redacted,
    some
    characters translated to ASCII and some line folding:

    From: "abuse@" >
    Subject: Re: unauthorized ssh login attempts from
    ()

    Dear Sir/Madam

    Thank you for contacting the Customer Security team
    regarding your port scan concern and for forwarding your personal
    firewall logs.

    Port scanning contravenes 's Acceptable Usage Policy and
    Terms & Conditions. We take any abuse of our service very seriously.

    I've carried out an investigation into this and we've taken action
    against our user to stop this happening again.

    I'm sorry to say, though, that I won't be able to give you any more
    information about the user in question.

    There are free services available that may extract detected malicious
    activity from your firewall logs and automatically send
    them to the appropriate abuse department for further action. Two such
    services are:
    MyNetWatchman at http://www.mynetwatchman.com
    and DShield at http://www.dshield.org

    Other services are also available.

    In addition, you may like to consider these steps to reduce the chances
    of your computer being compromised by hackers:

    i) make sure any anti-virus or port protection software you're already
    running is up to date and that it is programmed to reject
    remote access. You can usually update via the software maker's web site
    ii) if you keep sensitive information on your computer, you could
    consider getting some encryption software for more protection
    iii) when you're connected to the internet, do not publicise your IP
    address (the unique ID number your ISP gives on connecting)
    as this invites hackers. You're especially vulnerable when using
    applications such as chat, internet relay chat or video
    conferencing
    iv) be careful what applications you install direct from the internet -
    do you trust the supplier? Most viruses and trojans
    enter systems via shareware and freeware downloads.

    If you use Microsoft software, we would also like to bring to your
    attention the importance of installing any necessary security
    updates from Microsoft. You can see the available patches at
    http://windowsupdate.microsoft.com

    If you're worried that your computer has been accessed remotely and
    that data has been read or taken, we suggest you contact the
    police with whatever evidence you may have.

    At we are consistently looking at ways to improve the
    service we offer our customers. As part of this we have put together
    an online questionnaire about the your experience of dealing with the
    Customer Security Team which we would like to complete.
    The questionnaire can be found at the following URL:
    http://questionnaire and will only take a few minutes
    of your time. Your feedback will help us improve the service we offer
    you.

    I hope the above helps. Please don't hesitate to contact us with any
    further enquiries or comments.

    Thank you again.

    Yours faithfully


    Customer Security Team
    http://
    http://www.getsafeonline.org/

    is a founding member of the Internet Watch Foundation, ISP
    Abuse Management Forum and the Internet Content Rating
    Association.

    This electronic message contains information from the
    Acceptable Use team, which may be privileged and confidential. The
    information is intended for use only by the individuals or entity named
    above. If you are not the intended recipient, be aware
    that any disclosure, copying, distribution or use of the contents of
    this information is prohibited. If you have received this
    message in error please notify by email immediately.

    does not accept responsibility for the content of third
    party web sites.

    Original Message Follows:
    ------------------------
    unauthorized ssh login attempts from
    timestamps PST8PDT
    Jan 28 18:27:12 sshd: Failed password for root from
    port ssh2

    )


+ Reply to Thread