11-12-2004
jayjwa
 
Re: script kiddies or something worse? how can i tell

On 2004-10-26, Huge <huge@ukmisc.org.uk> wrote:

> Once upon a time, the 'net was run by Sysadmins With Clue, and reporting
> these people to their ISP (or more often, college) resulted in
> appropriate LARTing.
>
> These days, no-one gives a shit.
>
> I stopped bothering a long time ago.



Not totally true. I've had a good deal of attacks on sshd. One of the worst
was a brute-force of over 12 minutes long. Pissed, I reported it. I got back a
mail some days later from the admin of the network in question saying he had
terminated the guy's account. Other times the owners knew nothing of their own
compromise and thanked me for at least letting them know. So, sometimes it
does work. Of course, others I think their abuse address is connected to
/dev/null. I keep it short and polite, only including the relevant logs in the
mail. Chinanet and Kornet, .kr, .jp: don't bother, never any reply. I started
dropping all traffic from those netblocks in those places where I had received
an attack from. For the iptables log prefix, I write a short note on what the
block was for. You should see my firewall logs; they look like a blow-by-blow
sports commentary now.

--
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++