13 Nov
2013
13 Nov
'13
12:16 a.m.
On Tue, Nov 12, 2013 at 10:03 PM, William Herrin <bill@herrin.us> wrote:
Now it would be trivial to setup syslog and sshd to give only the sessions that complete the handshake, however I'm also not sure how responsive some of the abuse contacts may be. I'll keep my restrictive network settings for the time being.
That's the main problem: you can generate the report but if it's about some doofus in Dubai what are the odds of it doing any good?
And then we're right back to sending the offending packets to a black hole. *sigh*