[wplug] Any tips against this kind of ssh break-in?

Bill Moran wmoran at potentialtech.com
Fri Jul 15 09:52:47 EDT 2005


"Chester R. Hosey" <Chester.Hosey at gianteagle.com> wrote:
> On Fri, 2005-07-15 at 09:20 -0400, Hosey, Chester wrote:
> 
> > If that is the case, you might also forward your logs on to the ISP
> > which owns the offending address(es). Your luck depends on the amount
> > to which the ISP's admins can be bothered to care at the moment but you
> > may be able to cut things off at the source. It's possible that if the
> > person being naughty learns that there are consequences to doing
> > things that they shouldn't be doing they might just decide that it isn't
> > worth the trouble.
> 
> Just to save you the trouble I've found the party responsible for the IP
> mentioned in your log. According to ARIN it is in Asia, and the Asia
> Pacific Network Information Centre search page
> (http://www.apnic.net/apnic-bin/whois.pl) passes off responsibility to
> krnic.net:

[snip]
> If you do contact their abuse department, let us know how it goes!

Don't get your hopes up.  I've been filing complaints about this kind of
attack for months (probably 2 or 3 a week) and seldom get any reply.

In the US, a breakin doesn't get any attention from the authorities unless
a considerable amount of damage is done (usually cited as $10,000 or
more).  This goes on too frequently for the authorities to bother with it
unless there's significant financial loss.

ARIN (in particular) doesn't seem to care about anything at all.  I don't
think I've _ever_ gotten any reply from them, and 75% of the attacks I
see come from ARIN domains.

I've considered setting up a "honeypot" that I can claim is worth over
$10,000 and then letting someone break in, as sort of a trap.  Unfortunately,
I don't have $10,000 worth of data that I can afford to sacrifice!

Lock your machines down carefully.  The reality is that nobody's got your
back.  Either secure it yourself or accept the gamble you're taking.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com