On Monday 15 August 2005 10:11, Rick Lim wrote: > Hi there, > > I know this is not the correct forum to ask this question, but I > have to start somewhere....... > > I have a friend with a linux firewall box. > There appears to be a very simple minded hacker trying to do > simple ssh password attacks on this box. > > I have been using whois and reporting this to each ISP he/she is > coming from but he/she just breaks into a different machine on an > new ISP and tries again. > > Is there something more I can do to track this person down? What makes you think it's the same person. There are a number of ssh worms that are being used to attack on port 22, see: ( http://dshield.org/port_report.php?port=22&recax=1&tarax=2&srcax=2&percent=N&days=40&Redraw= ) for reports of current port probes. You may want to submit your firewall logs to: http://dshield.org/howto.php Regards, Mike Klinke
