Solved

Which DNS authority to report to

Posted on 2011-02-20
4
270 Views
Last Modified: 2012-05-11
Hi there,
Running server 2008 domain.  Running TS Webaccess so that my users can work on a couple of databases. A couple of users try to abuse the system.  I know the IP addresses.  What should be done at this point.  What is the best option for me.  Which DNS authority to report to?
Imagining that thir ISP is doing nothing.  Any help in this regard would be appreciated.
Thanks
0
Comment
Question by:amanzoor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 34939773
You don't report to DNS authority.  You go to the ISP that has delagated the IP address.  You can go to ARIN at:

     https://www.arin.net/abuse.html

Search on hackers and see their recommendations.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 250 total points
ID: 34949344
normally you would do a whois on the user ip and report to their isp - but you would *also* (unless you believe one of your users share an isp) block the entire IP block for that ISP at the firewall.

I would be surprised if the report does anything though - I have blocked the whole of china (upwards of 200 attacks seen per day, with no response from isps) and have at least 20 other blocks of IPs on the list.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 34949367
other common approaches -

move TS to a port above 5000 - most attackers try only "common" ports, and this will reduce your attack profile almost instantly.

make sure you are using ssl certificates for your RDP - again, makes it harder for the attacker, and many will either move on, or not recognise the TS is there.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 34960566
Thanks Guys:
I really appreciate your time, I like the idea of blocking onto the firewall and using ssl.
THanks once again.
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question