Check out https://dshield.org/howto.html for a central place to submit attempts...
Some useful pages: https://dshield.org/reports.html https://dshield.org/sources.html As many sources can be anonymous, it's easy for hosts to be on someones lists from either spoofed or replies to spoofed ips, etc... and so shouldn't be used as a blacklist, at least not exclusively. (ie: wouldn't want to block port 80 based on this for a public web server) ----- Original Message ----- > From: "hansel" <han...@mnstate.edu> > To: SCIENTIFIC-LINUX-USERS@FNAL.GOV > Sent: Sunday, February 8, 2015 12:41:56 PM > Subject: Is there any data base collecting data on breakin attempts? > > I accept it as normal many (upwards of several thousand) daily root > breaking attempts. My defense is careful sshd configuration and > restrictive incoming router firewall. > > Does anyone mantain a database of consistently offending sites (maybe > a > news source, such as politico or propublica)? Initial use of whois > and dig > for a few returned familiar countries of origin, coutries that may > encourage or even sponsor some attempts. > > I searched the archive for "breakin" and "failed" with an without > subject > line qualifiers (like "root") and found nothing. > > Thank you. > mark hansel >
