This question does not have as much to do with Linux as it has to do with supporting and defending a Linux server.

I have a non-production server that has been systematically probed through port 80 over the last 5 weeks. It has been an interesting experience in seeing how the probe is being done. After collecting my diagnostics from "ethereal" and my access and error logs, I approached my ISP provider. Their response was non-supportive (they could care less about drilling back to the originating machine). I did send the same logs to CERT as part of the notification on active problems.

My problem is: now what? The probes continue and I have identified over 1600 compromised machines. Does anyone know of a group that provides support/programs/tools to drill back to the originating source of these probes?

My next step right now would be to "host" and "whois" the compromised machines' IPs to identify an administrator and work with them. Is there a more automated approach?

Len Laulainen
(952) 567-4211
len@euler.com

_______________________________________________
LinuxManagers mailing list - http://www.linuxmanagers.org
submissions: LinuxManagers@linuxmanagers.org
subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers