Ask Slashdot: Where To Report Script Kiddies and Other System Attacks?
First time accepted submitter tomscott writes "So I've been using Linux for over ten years now and I'm sure like most Linux users I've got SSH running on my box and port 22 open on my cable modem so that I can access my system no matter where I am. Over the years I've seen people try to gain access to my system but — knock on wood — I've never had a breach. What I am wondering: Is there a website where I can report these attempts and even supply the details of where the break-in attempt originated from?" The FBI is interested, but probably only if you've actually suffered a loss.
There's nothing anyone can legally do with that information. Weak attempts at breaking in and port scanning are just background noise.
"Random" attacks can be reported to DShield.org. They have a number of scripts to automatically submit firewall logs (including from Linux firewalls). See http://www.dshield.org/howto.html. Once set up, it just "runs" and DShield aggregates the data, uses it for research and reports worst offenders to ISPs and other contacts.
---- join dshield.org Distributed Intrusion Detec
Most kiddies out there seemingly don't know about more sophisticated scripts that can identify services on non-default ports.
I doubt they care, there are enough exploitable targets. The automated scripts scan _many_ IPs for a few ports. Having them scan more ports would take longer and slow the spread.
Despite what many say, there is some security through obscurity. It's a case of only having to outrun your neighbour and not the bear.
The other advantage is if you use an obscure port, if someone does try it and brute force etc, you can consider it more seriously - someone might actually be trying to hack you specifically.