Ask Slashdot: Where To Report Script Kiddies and Other System Attacks?
First time accepted submitter tomscott writes "So I've been using Linux for over ten years now and I'm sure like most Linux users I've got SSH running on my box and port 22 open on my cable modem so that I can access my system no matter where I am. Over the years I've seen people try to gain access to my system but — knock on wood — I've never had a breach. What I am wondering: Is there a website where I can report these attempts and even supply the details of where the break-in attempt originated from?" The FBI is interested, but probably only if you've actually suffered a loss.
The attackers are most likely using other infested machines.
There's nothing anyone can legally do with that information. Weak attempts at breaking in and port scanning are just background noise.
And which protocol/port does your VPN listen on?
Because that's just asking for abuse...
Captcha: insults
"Random" attacks can be reported to DShield.org . They have a number of scripts to automatically submit firewall logs (including from Linux firewalls). See http://www.dshield.org/howto.html . Once set up, it just "runs" and DShield aggregates the data, uses it for research and reports worst offenders to ISPs and other contacts.
---- join dshield.org Distributed Intrusion Detec
. . . the FBI are the ones trying to break into your system.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Most kiddies out there seemingly don't know about more sophisticated scripts that can identify services on non-default ports.
I doubt they care, there are enough exploitable targets. The automated scripts scan _many_ IPs for a few ports. Having them scan more ports would take longer and slow the spread.
Despite what many say, there is some security through obscurity. It's a case of only having to outrun your neighbour and not the bear.
The other advantage is if you use an obscure port, if someone does try it and brute force etc, you can consider it more seriously - someone might actually be trying to hack you specifically.
Most UNIX systems automatically subscribe to the Network Users List of Lamers. Just write up your complaint to a text file, then send the complaint to NULL, using the command 'cat $REPORT > /dev/null'
Most idiots just parrot the 'security through obscurity' thinking it's some compelling argument when it's really not. If the basis of your security is entirely reliant on the obscurity of your algorithms, etc. being private then it is bad. But using some level of secrecy as a first line of defense can be quite useful in preventing attacks.
Even Bruce Schneier does not take the black-and-white stance that the Internet 'experts' do. He is actually quite pragmatic about acknowledging that there is a continuum of secrecy requirements based on the system at hand, but mentions that relying too much on secrecy makes the security of the system more fragile. These Internet 'experts' need to actually read what people like Bruce say rather than just repeating stupid sound bite pieces.
Duh? In this case, since he is being port scanned by what is most likely Chinese script kiddies, moving the port will stop probably 99% of them. No one said such things will prevent any possible intrusion, but it's an easy and cheap way to prevent the vast majority and causes no compromising to the underlying system. For the determined people who get around that you layer on top other defenses such as only allowing a certain amount of attempts before locking out/banning, only allowing retries after some certain length of time, etc. If all these fail, you still haven't compromised the underlying system but you've severely limited the amount of people who would be successful in attacking you.
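The layered defence described in the last two posts (count failed attempts per source, lock out after a limit, and take attempts against a non-default port more seriously) is what fail2ban-style tools automate. As an added example that is not code from this thread or from any of the posters, here is a small Python checker that parses constructed sshd auth-log lines, finds sources that hit a failure threshold inside a time window (lockout candidates), and also reports per-source totals so slow, spread-out attempts are not lost. The log lines, host name, addresses and the year passed to the parser are all made up; syslog timestamps carry no year, so the caller supplies one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd auth log lines in syslog format (no year field).
# Made-up hostname and documentation address ranges; not a real host's log.
SAMPLE_LOG = """\
Jan 10 03:14:22 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:14:25 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 03:14:29 gw sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 03:14:33 gw sshd[1205]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 10 03:14:40 gw sshd[1207]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2
Jan 10 03:15:01 gw sshd[1210]: Accepted publickey for tom from 198.51.100.7 port 40000 ssh2
Jan 10 03:20:05 gw sshd[1215]: Failed password for tom from 198.51.100.7 port 40010 ssh2
Jan 10 04:30:00 gw sshd[1230]: Failed password for root from 192.0.2.9 port 2222 ssh2
Jan 10 05:30:00 gw sshd[1231]: Failed password for root from 192.0.2.9 port 2223 ssh2
Jan 10 06:30:00 gw sshd[1232]: Failed password for root from 192.0.2.9 port 2224 ssh2
"""

# Matches the common "Failed password for [invalid user] X from IP port N" and
# "Accepted <method> for X from IP port N" shapes of sshd auth messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted)\s+(?P<method>\S+)\s+for\s+(?:invalid user\s+)?"
    r"(?P<user>\S+)\s+from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+port\s+\d+"
)


def parse_line(line, year):
    """Return (timestamp, result, user, ip) for an sshd auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog omits the year; the caller supplies it (assumption: one calendar year per log file).
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("result"), m.group("user"), m.group("ip")


def failures_by_ip(lines, year=2024):
    """Timestamps of failed logins grouped by source IP, oldest first."""
    failures = defaultdict(list)
    for line in lines:
        parsed = parse_line(line, year)
        if parsed and parsed[1] == "Failed":
            failures[parsed[3]].append(parsed[0])
    for ip in failures:
        failures[ip].sort()
    return dict(failures)


def max_failures_in_window(times, window_seconds):
    """Largest number of failures inside any span of window_seconds (two-pointer sweep over sorted times)."""
    best = left = 0
    for right, t in enumerate(times):
        while (t - times[left]).total_seconds() > window_seconds:
            left += 1
        best = max(best, right - left + 1)
    return best


def find_offenders(lines, threshold=5, window_seconds=600, year=2024):
    """IPs that reached `threshold` failed logins within `window_seconds`, mapped to their peak count."""
    offenders = {}
    for ip, times in failures_by_ip(lines, year).items():
        peak = max_failures_in_window(times, window_seconds)
        if peak >= threshold:
            offenders[ip] = peak
    return offenders


def failure_totals(lines, year=2024):
    """Total failed logins per IP regardless of timing; surfaces slow attempts a window check misses."""
    return {ip: len(times) for ip, times in failures_by_ip(lines, year).items()}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n in find_offenders(lines).items():
        print(f"lockout candidate: {ip} ({n} failures inside 10 minutes)")
    for ip, n in failure_totals(lines).items():
        print(f"{ip}: {n} failed login(s) total")
```

With the defaults, the burst from 203.0.113.5 (five failures in 18 seconds) is the only lockout candidate; the three failures from 192.0.2.9 an hour apart never reach the threshold in a 10-minute window but still show up in the totals, which is the kind of low-volume, targeted probing the earlier post suggests treating more seriously when it lands on a non-default port. The single failure from 198.51.100.7 is an ordinary mistyped password from an address that also logs in successfully.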