Years ago I used to take the time to go through logs from time to time looking for break-in attempts on our network (especially when I worked for an ISP years ago) and would look up who was responsible for the IP address being used and email them to let them know what was going on. Very few of the attacks were ever successful to any degree, but I figured it was the right thing to do. Oftentimes the systems being used in the attack had already been compromised, so by reporting the activity to someone who could pull the system offline, the whole Internet would be better for it.
Doing this little bit of legwork took time, though. Eventually, as attacks on the Internet became commonplace, I simply stopped reporting the attempts; it took up too much of my time to be worthwhile.
As I noted back in March, though, brute-force SSH attempts are on the rise. Lately I’ve been taking the time to report these, especially if they are in the U.S. I’m not sure if it is language issues or what, but I’ve found that I’m much more likely to get some action taken about an attacking system if it is here in the U.S. as opposed to systems in Asia or Europe. That isn’t to say that I get action from everyone; depressingly, it is far from everyone.
There have been some recent articles and comments about this kind of activity. It is good to see this getting some attention; it certainly needs it.
One reply on “Reporting Attack Attempts”
I am getting reports from my router that the same IP address is sending twinge attacks now in excess of 100,000 times. How and who do I report this to?