From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-user-return-95074-arch-gentoo-user=gentoo.org@lists.gentoo.org> Received: (qmail 27181 invoked from network); 6 Dec 2004 19:19:27 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 6 Dec 2004 19:19:27 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.41) id 1CbOON-0003or-91 for arch-gentoo-user@lists.gentoo.org; Mon, 06 Dec 2004 19:19:27 +0000 Received: (qmail 22226 invoked by uid 89); 6 Dec 2004 19:19:10 +0000 Mailing-List: contact gentoo-user-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: <mailto:gentoo-user@gentoo.org> List-Help: <mailto:gentoo-user-help@gentoo.org> List-Unsubscribe: <mailto:gentoo-user-unsubscribe@gentoo.org> List-Subscribe: <mailto:gentoo-user-subscribe@gentoo.org> List-Id: Gentoo Linux mail <gentoo-user.gentoo.org> Reply-To: gentoo-user@lists.gentoo.org X-BeenThere: gentoo-user@gentoo.org Received: (qmail 6249 invoked from network); 6 Dec 2004 19:19:10 +0000 From: fire-eyes <sgtphou@fire-eyes.dynup.net> Reply-To: sgtphou@fire-eyes.dynup.net To: gentoo-user@lists.gentoo.org In-Reply-To: <200412062012.23591.mailing-gentoo@sailorferris.com> References: <200412062012.23591.mailing-gentoo@sailorferris.com> Content-Type: text/plain Organization: - Date: Mon, 06 Dec 2004 14:19:07 -0500 Message-Id: <1102360747.1569.3.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 Content-Transfer-Encoding: 7bit Subject: Re: [gentoo-user] Brutal force attack X-Archives-Salt: 9c91ed34-8f0a-4e21-88c1-e5ed86ae380e X-Archives-Hash: 045dad78e487871aa710bd8431662cfd On Mon, 2004-12-06 at 20:12 +0100, Luigi Pinna wrote: > I read now from my logs that there is someone who try to login in my > computer. > He uses always dynamic ip address or in every case he changes his ip > everyday. > What can I do? > I have all the ip but it is first time that I see an attack versus me > Thanks for the tips > Luigi Assuming they are not spoofed IP's, then you need to contact the owner of those IP's. The whois command (shell, not irc) will help you here. But don't expect much help, most networks view stopping such attacks as a waste of their money. The next best thing to do would be to talk to your own service provider. Unfortunately, most of the time they will have zero clue what in the heck you are talking about. In the end you'll probably have to take it into your own hands, put up a firewall, etc. Of course, a firewall won't help much if the attack is so heavy it eats up your bandwidth. Good luck, this is never easy. -- fire-eyes <sgtphou@fire-eyes.dynup.net> - -- gentoo-user@gentoo.org mailing list