Security Basics mailing list archives
Reporting Abuse tips?
From: dynetworks () hotmail com
Date: 4 May 2010 14:21:18 -0000
Hello group! I've already read some things around the net - but wanted some real answers from people that have had to do it. Relating to incident response, how do you usually contact an offending host? And when you do, what do you usually say/not say? Now I know you're thinking "Well, that depends on what's happening!!" So I'll give you one example to reply with (and you're free to run with more):

I check logs for a few different clients and one had strange activity over the weekend. A lot of Active Directory query attempts as well as VNC attempts, RDP attempts, and other various queries (all denied). Basically it was a very thorough scan but I could see some intelligence on the other side. No need to go into depth on that - yes, it could have been a well designed script, but I'd rather not debate about that honestly. This went on for about an hour on Saturday morning, again at night, and for a few hours on Sunday. It all came from one IP address. After some more forensics, this same IP has done some pings, port scans in the past. I didn't consider this an incident, considering it's the internet after all.

The IP address is from America - so I'm personally willing to devote some time into notifying the host and trying to make sure it doesn't happen again. I checked with the customer and they have never heard of this person/company.

Now that we've got some context, I have an email and phone number. How would you proceed?

Thanks for any tips in advance!