[TriLUG] bad address list

[Cristóbal Palmer]

On Thu, Jan 28, 2010 at 5:20 PM, Ralph Blach <chipperb at nc.rr.com> wrote:
> To whom would I report the attacks.

Assuming you're using denyhosts, there's a config file setting, and it
tells you the server that it's pointing to for doing the reporting.
Honestly unless you're using an automatic tool like that, it's pretty
useless to report breakin attempts. I could think of exceptions. Eg.
if the attempt is coming from a host that I know to belong to a friend
or client. Seriously though: don't bother reporting attacks.

Furthermore, IP addresses can and often do change hands, so blocking
for any considerable length of time (more than 10 hours, say) is not
terribly useful. Brute force attacks can't possibly succeed when they
only get 15 tries every 10 hours unless you have a hideously insecure
password.

Ah, and one more tip: don't allow password logins if you don't need
to. Set up keys and only allow key-based logins. Make sure you have
decent backups for the private key and do not copy the private key to
any shared machine. I suggest quality optical media in a fire safe or
a box at the bank.

Cheers,
-- 
Cristóbal M. Palmer
ibiblio.org systems
cdla.unc.edu research assistant