[Gllug] Router under attack: help/advice needed

Andrew Farnsworth farnsaw at stonedoor.com
Wed Sep 30 14:08:01 UTC 2009


On Wed Sep 30  5:39 , TM <tm at tm.uklinux.net> sent:
>My home broadband router has started telling me I am under attack over 2
>weeks ago. It looks like a DDoS attack (multiple IPs, same port, sort of
>thing).

My server receives SSH login attempts on a regular basis.  These are dictionary
attacks against various usernames and have not succeeded in gaining access to my
system.  However, I do regularly report these back to the ISP/Company who owns
the IP address in question with various levels of response.  Any ISP/Company in
China or Russia... don't bother to contact.  Any large ISP or any source in a
country with a CERT (Computer Emergency Response Team) it is worth reporting to
them.  They might not actually do anything but it is a data point for their
systems.  I have received a few attacks from places like the Amazon Cloud (S3)
and they respond seriously and correctly to these instances.  I have even
received a few attacks from individual companies including one from a prominent
gov't contractor (not going to name names) and they were grateful for the
information.  I would guess my response rate from ISP/companies has been about
40% overall for these attacks though they never do follow up with me to let me
know what they found so don't expect that.

Another option is to just ignore them as you are more than likely not at risk if
your router / firewall is locked down and you are not forwarding ports to a
computer inside the firewall and you don't have any servers in a DMZ.

Andy
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
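
Added example, not part of the original message: one way to collect the evidence for the kind of abuse report described above, by grouping failed SSH logins per source address and keeping the sources that tried several different usernames. It assumes the classic OpenSSH syslog "Failed password" line format; the sample log lines, the `min_users` threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the classic OpenSSH syslog format; addresses are
# from the RFC 5737 documentation ranges, not real traffic.
SAMPLE_LOG = """\
Sep 30 05:12:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Sep 30 05:12:03 host sshd[2101]: Failed password for root from 203.0.113.7 port 51240 ssh2
Sep 30 05:12:06 host sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 51251 ssh2
Sep 30 05:12:09 host sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51260 ssh2
Sep 30 06:40:11 host sshd[2200]: Failed password for andy from 192.0.2.10 port 40000 ssh2
Sep 30 06:40:19 host sshd[2200]: Accepted password for andy from 192.0.2.10 port 40000 ssh2
Sep 30 07:01:44 host sshd[2301]: Failed password for invalid user root from 192.0.2.10 from 198.51.100.9 port 2222 ssh2
"""

# The username is chosen by the client and may contain " from <address>", so the
# greedy user group pushes the address match to the last "from" on the line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize(log_text, min_users=3):
    """Group failed SSH logins by source IP and keep sources that tried at
    least min_users distinct usernames (the dictionary-attack pattern)."""
    by_ip = defaultdict(lambda: {"users": set(), "lines": []})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            entry = by_ip[m["ip"]]
            entry["users"].add(m["user"])
            entry["lines"].append(line)
    return {ip: e for ip, e in by_ip.items() if len(e["users"]) >= min_users}

def abuse_report(ip, entry):
    """Build the text for an abuse contact: a summary line, then the raw log lines."""
    lines = entry["lines"]
    first = FAILED.match(lines[0])["ts"]
    last = FAILED.match(lines[-1])["ts"]
    header = (f"Source {ip}: {len(lines)} failed SSH logins against "
              f"{len(entry['users'])} usernames, {first} to {last} (server local time)")
    return "\n".join([header, *lines])

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(abuse_report(ip, entry), end="\n\n")
```

The last sample line shows why the address is matched at the end of the line: the failure is attributed to the connecting address, not to the address embedded in the username.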



