Ask Slashdot: Where To Report Script Kiddies and Other System Attacks?
First time accepted submitter tomscott writes "So I've been using Linux for over ten years now and I'm sure like most Linux users I've got SSH running on my box and port 22 open on my cable modem so that I can access my system no matter where I am. Over the years I've seen people try to gain access to my system but — knock on wood — I've never had a breach. What I am wondering: Is there a website where I can report these attempts and even supply the details of where the break-in attempt originated from?" The FBI is interested, but probably only if you've actually suffered a loss.
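As an added example (not from the submitter or any commenter), here is what "the details of where the break-in attempt originated" could look like before being sent to an abuse contact: a Python script that groups failed sshd logins from auth.log by source address and reports the busiest ones. The log lines are constructed, using documentation-range IPs; the log format is the usual syslog style of OpenSSH.

```python
import re

# Constructed sample auth.log lines (documentation-range IPs, not real attackers).
SAMPLE_LOG = """\
Mar  3 04:12:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 41222 ssh2
Mar  3 04:12:03 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 41222 ssh2
Mar  3 04:12:06 box sshd[2104]: Failed password for root from 203.0.113.5 port 41230 ssh2
Mar  3 04:13:40 box sshd[2110]: Failed password for invalid user oracle from 198.51.100.7 port 55110 ssh2
Mar  3 04:15:00 box sshd[2120]: Accepted publickey for tom from 192.0.2.10 port 50000 ssh2
Mar  3 04:16:11 box sshd[2110]: Connection closed by 198.51.100.7 port 55110 [preauth]
"""

# One failed-authentication line: syslog timestamp, user (with or without "invalid user"), source IP.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3})"
)


def summarize(log_text):
    """Group failed sshd logins by source IP: attempt count, usernames tried, first/last timestamp."""
    summary = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins, disconnects, etc. are not attempts
        entry = summary.setdefault(m["ip"], {"count": 0, "users": set(), "first": m["ts"], "last": m["ts"]})
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["last"] = m["ts"]  # the log is chronological, so the latest match is the last seen
    return summary


def report(summary, threshold=3):
    """Return one report line per source at or above the threshold, busiest first."""
    lines = []
    for ip, e in sorted(summary.items(), key=lambda kv: kv[1]["count"], reverse=True):
        if e["count"] < threshold:
            continue  # a couple of typos from a real user are not worth reporting
        lines.append(f"{ip}: {e['count']} failed logins, users={','.join(sorted(e['users']))}, "
                     f"first={e['first']}, last={e['last']}")
    return lines


if __name__ == "__main__":
    for line in report(summarize(SAMPLE_LOG)):
        print(line)
```

The threshold keeps a single mistyped password out of the report; the source address is what a WHOIS lookup turns into an abuse contact.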
The attackers are most likely using other infested machines.
And which protocol/port does your VPN listen on?
Because that's just asking for abuse...
Captcha: insults
I think (I have no actual numbers) most of those are compromised boxes running distributed attack scripts. It makes sense to run the C&C and let your zombies do the work; that way it doesn't get tracked back to you.
That was the case I saw twice on two boxes I had - one fell to a BIND exploit, and rather than reboot, I investigated why DNS stopped working. I uncovered an IRC C&C (with over 60 clients) and went about informing people (by the IPs of the IRC clients) about what had happened. Most rebooted and never noticed a thing. All were happy to hear I was letting them know what happened.
Based on that you're more likely to report innocent people whose only crime is being unpatched.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Wouldn't you like to know...
Seriously, don't use the default port for any service you don't have to. It will drastically drop the number of attempts. Most kiddies out there seemingly don't know about more sophisticated scripts that can identify services on non-default ports.
Well... maybe. Or maybe not. But definitely not sort of.
Obscurity can be a layer in a layered security plan. As long as the other layers aren't compromised by it in any way, it can't do any harm, and could do some good. But the other layers need to be trusted on their own. A good safe can withstand an attack for a rated amount of time even if the thieves have the blueprints of the safe. But that doesn't mean you don't guard the blueprints to the safe.
No, it's not at all alike because the bear is going to eat one of you: whichever one it catches first. The script isn't going to compromise one box, it's going to compromise every single one that's vulnerable to whatever exploit(s) it's using in the IP ranges it's scanning.
To put it another way, it's not the bullet with your name on it you have to worry about. It's the 20,000 or so odd rounds labelled "Occupant".
No one is owned until Godwin comes out. Only Hitler would say differently.
And yes, "security through obscurity" is a layer in a sound defensive strategy. If no one knows you are there, they don't know to start trying to attack you. If anything, it shrinks the size of your logs.
Unfortunately, if an attacker is looking for you and already knows your service is there, you'd better have a more reliable defensive plan available.