Reply to post:

Obama says USA has world's biggest and best cyber arsenal

Anonymous Coward
Anonymous Coward

The drops on my firewall logs are from all over. Although the University of Michigan has taken a dislike to me for some reason

I have pretty long timeouts on my fail2ban scripts, so if something shows up more than twice I know it's targeted and have a full scan of /var/log to see what else that IP address has been up to and who it is. If it's a US or Chinese hosting company I tend to blacklist their entire IP range.

That said, I have found many companies quite responsive to a heads up because in some cases it's evident the wannabe hacker is using their server to act as a script proxy so it must be breached. They generally get one warning. If they show up again they get told they'll be billed for my time (not that I would or even could without a court case AFAIK, but for some reason that seems to wake people up).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021