Security Incidents mailing list archives
Re: Handling Scans.
From: Justin Shore <macdaddy () NEO PITTSTATE EDU>
Date: Wed, 14 Feb 2001 15:43:22 -0600
On 2/14/01 6:43 AM John Nemeth said...
> On Jul 5, 10:27am, Richard Johnson wrote:
> }
> } Also, avoid threatening language or mention of law[yers], as many who
> } receive your reports can't talk to you if you say things like that -- they
> } have to refer your message to their lawyers instead. In such cases, you
> } might as well not waste your time.
>
> This is very important. Anything that I receive that is threatening in any way, demanding, just generally rude, etc., is immediately tossed into the bit bucket without a second thought. Remember that a human is reading the complaint and deserves to be treated with respect. The point that was above about having detailed information is also important. If there is insufficient information in a complaint for me to determine what happened and whether the complaint is valid, I will bit bucket it. The biggest problem here is a complaint about e-mail or usenet abuse. Those absolutely must have an example that has a complete set of headers or else forget it.
Exactly. Give them the full details and be nice about it. If they go ballistic on you, then you can get hostile; one up them and go to their provider.

Lately a lot of the spam I receive has been from open relays. I usually dig through the headers and report the spam to the owner of the server that handed the message off to me. I also check to see if it's an open relay (especially if they report a FQDN that matches the IP I resolve by hand). If they are open, I dig a level deeper and report the spam to whomever handed it to that open relay. I also give an FYI to the owner of the misconfigured machine acting as an open relay, being nice of course, just a friendly heads up. I don't report them to ORBS or MAPS. I just let them deal with it.

Now if I suddenly received 20 pieces of spam from that open relay and reported it to them a few days earlier, I might escalate that a bit--inform them again and their provider, etc.... That gets you farther than something like "You're stupid! You can't even configure Sendmail properly so you shouldn't be a sysadmin!". :)

Justin

--
Justin Shore                    Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545
http://www.pittstate.edu/ois/
Warning: This message has been quadruple Rot13'ed for your protection.
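
The header-tracing step described in the message above, sketched as an added example that is not part of the original post. It assumes Sendmail-style Received lines; the sample message, the host names and the helper names trace_hops and report_plan are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (documentation IP ranges and .example names only).
SAMPLE = """\
Received: from mail.relay.example (mail.relay.example [192.0.2.25])
\tby mx.victim.example (8.11.2/8.11.2) with ESMTP id f1EAAA01234
\tfor <me@victim.example>; Wed, 14 Feb 2001 09:12:44 -0600
Received: from friendly.example (dialup-77.isp.example [198.51.100.77])
\tby mail.relay.example (8.9.3/8.9.3) with SMTP id JAA05678;
\tWed, 14 Feb 2001 10:12:40 -0500
From: offers@friendly.example
Subject: constructed sample

body
"""

# Assumed layout: "from HELO (RDNS [IP]) by HOST"; other MTAs format this differently.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
                 r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)")

def trace_hops(raw):
    """Return Received hops newest-first; unparsable headers are kept as raw text."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP.search(flat)
        hops.append(m.groupdict() if m else {"unparsed": flat})
    return hops

def report_plan(raw, my_hosts):
    """List the hops worth reporting, stopping where the chain stops linking up."""
    plan, prev = [], None
    for hop in trace_hops(raw):
        if "unparsed" in hop:
            break
        by = hop["by"].lower()
        # Only a header written by our own server is first-hand evidence;
        # deeper headers are claims made by the host one hop above them.
        first_hand = prev is None and by in my_hosts
        names = {prev["helo"].lower(), (prev["rdns"] or "").lower()} if prev else set()
        if not (first_hand or by in names):
            break
        plan.append({"ip": hop["ip"], "helo": hop["helo"], "first_hand": first_hand,
                     "name_matches": (hop["rdns"] or "").lower() == hop["helo"].lower()})
        prev = hop
    return plan
```

The first entry is the server that handed the message to you; the second is the level deeper, where a HELO name that does not match the recorded reverse DNS is worth noting in the report. Whether the first host is actually an open relay is a separate check this code does not perform.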