"Mark Palmer, CCNA" wrote: > > I have been logging these attempts on our Outlook Web Access server. > > I then attempt a WHOIS lookup on the source ip. I then send a nicely worded > email to any and all contacts that show up on the WHOIS search. > > I have had some "success" with the contacts responding with thanks or > reporting that the server had been taken off-line. I think we need to help > each other out and report these attacks as we can. I hope that if any of > our severs are "caught" doing these attacks that others would contact me > regarding the "offense". > > All of this is time-consuming but IMHO worth it.
I agree about the necessity, but not the need to consume my time. See http://www.treachery.net/~jdyson/earlybird/ -- John Oliver System Administrator hosting.com, an Allegiance Telecom company mailto:[EMAIL PROTECTED] (858) 637-3600 http://www.hosting.com/