[166814] in North American Network Operators' Group


Re: Automatic abuse reports

daemon@ATHENA.MIT.EDU (Daniël W. Crompto)
Tue Nov 12 19:16:09 2013

In-Reply-To: <8e46e18f60fef97dae75f61b4698fcf3@www.circlenet.us>
From: Daniël W. Crompton <daniel.crompton@gmail.com>
Date: Wed, 13 Nov 2013 01:15:13 +0100
To: nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 12 November 2013 22:52, Sam Moats <sam@circlenet.us> wrote:

> We used to use a small perl script called tattle that would parse out the
> /var/log/secure on our *nix boxes, isolate the inbound ssh exploits, look up
> the proper abuse contacts and report them. I haven't seen anything similar
> in years but it would be interesting to do more than null route IPs.


We also used to have a script which did something similar but for more than
just inbound ssh; for the most part this was ineffective.

D.


blaze your trail

-- 
Daniël W. Crompton <daniel.crompton@gmail.com>

http://specialbrands.net/

<http://twitter.com/webhat>
<http://www.facebook.com/webhat>
<http://plancast.com/webhat>
<http://www.linkedin.com/in/redhat>
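
The workflow described in the quoted message (parse /var/log/secure, isolate failed inbound ssh logins, attach an abuse contact, draft a report), as an added Python example; it is not the tattle script or any code from this thread. The sample log lines, the function names and the `abuse_contacts` mapping (standing in for the contact lookup) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in /var/log/secure syslog format (documentation addresses).
SAMPLE_LOG = """\
Nov 12 21:40:01 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2
Nov 12 21:40:03 gw sshd[1234]: Failed password for root from 203.0.113.7 port 51515 ssh2
Nov 12 21:40:05 gw sshd[1236]: Invalid user oracle from 203.0.113.7
Nov 12 21:41:00 gw sshd[1300]: Accepted publickey for sam from 198.51.100.20 port 40000 ssh2
Nov 12 21:41:30 gw sshd[1310]: Failed password for invalid user x from 198.51.100.20 from 203.0.113.7 port 51520 ssh2
Nov 12 21:42:10 gw sshd[1301]: Failed password for root from 192.0.2.55 port 2222 ssh2
"""

# The username is text chosen by the remote side, so the greedy (.*) plus the
# end-of-line anchor take the address sshd appended, not one inside the username.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?|Invalid user )(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?(?: ssh2)?$"
)

def failed_by_source(log_text):
    """Map source IP -> [(timestamp, username, raw line)] for failed sshd logins."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            hits[m["ip"]].append((m["ts"], m["user"], line))
    return dict(hits)

def draft_reports(log_text, abuse_contacts, threshold=3):
    """One report per source with >= threshold failures and a known contact."""
    # abuse_contacts: caller-supplied {ip: address}; the lookup itself is assumed.
    reports = {}
    for ip, events in failed_by_source(log_text).items():
        contact = abuse_contacts.get(ip)
        if len(events) < threshold or contact is None:
            continue  # too little evidence, or nobody to send it to
        reports[ip] = "\n".join([
            f"To: {contact}",
            f"Subject: Failed SSH logins from {ip}",
            "",
            f"{len(events)} failed SSH logins from {ip}, first at {events[0][0]}, "
            f"last at {events[-1][0]} (syslog timestamps, receiving host's clock).",
            "Log excerpt:",
            *(raw for _, _, raw in events),
        ])
    return reports
```

The fifth sample line is attributed to 203.0.113.7, the address sshd recorded, rather than to the address embedded in the username, so a report is never drafted against a network named only in remote-supplied text.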
