> Hi there, > > I know this is not the correct forum to ask this question, but I have to > start somewhere....... > > I have a friend with a linux firewall box. > There appears to be a very simple minded hacker trying to do simple ssh > password attacks on this box. > > I have been using whois and reporting this to each ISP he/she is coming > from > but he/she just breaks into a different machine on an new ISP and tries > again. > > Is there something more I can do to track this person down? > Thanks. As others have said, it's more than likely script kiddy on a compromised machine. A recent thread on the Fedora-test list had a really cool set of firewall rules to fight this. Check out https://www.redhat.com/archives/fedora-test-list/2005-August/msg00082.html for the rule. Thomas
