+John Teacake MVC Posted November 26, 2014
What is the best way of sending automated abuse messages to the whois address of the attacking servers, say for example SSH? Thoughts?
The Evil Overlord Posted November 26, 2014
Hire a 'no life' scumbag team to send emails all day long... Oh wait
+BudMan MVC Posted November 26, 2014
Do you really think the ISPs in China are going to give a crap? ;)
+LogicalApex MVC Posted November 27, 2014
> Do you really think the ISPs in China are going to give a crap? ;)
I'm sure they route all emails to their abuse address to /dev/null :shiftyninja:
+BudMan MVC Posted November 27, 2014
So where are the hits coming from on your new honeypot? The one I set up on the host you gave me from the beta, pretty much all look like China to me ;)
Not sure why that top hitter is not showing up - but yeah, that is Hong Kong ;)
AS Name: HEETHAILIMITED-AS-AP HEE THAI LIMITED,HK
Network: 103.41.124.0/24 (103.41.124.0-103.41.124.255)
103.41.125.0
It is completely pointless to send anything to these ISPs, I would be surprised if abuse is even open to send email to ;)
What is funny is you would think the China firewall would block this sort of traffic, really easy to tunnel traffic through an SSH connection, and then get to stuff they would want blocked, etc. ;)
The MX one is a bit odd...