-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey folks,

I've been a bit of a long time lurker on this list, but I've recently
come up with a bit of a problem. Somebody, somewhere out on the 'net is
attempting to crack into my home server -- unfortunately, they seem to
be either using a few hundred zombie boxen on the 'net or spoofing their
IP addresses because each attack is coming from a completely different IP.

The first time I noticed, I noticed a bunch of "Illegal user" error
messages in /var/log/auth.log. At first I didn't think much of it, but
since I've worked on the iptables firewall, I've noticed an almost
constant stream of incoming packets to random ports on my box, too.

At first I thought he must have just found my box via an IP subnet scan
or something, but when I recently changed ISPs and IP addresses, he
followed via my domain name.

My question is this: how can I track down this guy, blacklist, or
prevent him from breaching my defenses? Also, what should I do about
reporting him to the authorities? Who do should I contact about this?

I've tried looking up his various IPs in the whois databases to no avail
- -- they list him as coming from Tokyo, Taiwan, South Africa, San 
Diego, etc.

My server is running Debian Linux, for reference.

- --
June Tate * http://www.theonelab.com * june@theonelab.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBthH8iLw1iDrV/zwRAiCeAJwPPONOvIGvZoz9adMsUn0hrLFsGgCfUEO5
KP+6fLu8ghnczqPpFB2AEKc=
=1ye8
-----END PGP SIGNATURE-----
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss