Security Incidents mailing list archives
Re: Template Admin Notification
From: Martin Hoz Salvador -CITI Soporte <mhoz () CITI CITI COM MX>
Date: Wed, 24 Jan 2001 13:55:27 -0600
> Does anyone on the list have a default template email they use to notify admins of attacks from their networks?

Actually this sounds to me like an already asked question. Maybe not in this forum. Please try to search in the firewall-1 mailing list (www.securepoint.com/fw1) or the firewalls@gnacs mailing list archives (I don't remember the URL for this archive; since I'm not at my own machine I don't have URLs or documents about this, sorry). I posted there my own notification mail template, that one in Spanish and English, because I'm in Mexico. :-)

> I would be interested in seeing them posted to the list (or to myself directly if that's not possible).

Basically, things I think a notification letter should contain are:

- Polite language: keep in mind "the other" sysadmin may have no time to check security issues, or even that there's no security function in the area. Or, even worse, the other sysadmin doesn't have any knowledge about security.
- PGP SIGNED. This is serious.
- Source IPs, ports, destination IPs and ports, giving times (start and ending times), giving also the timezone (this is pretty important).
- How you found out about the attack (IDS, firewall logs, casuality, etc...)
- The kind of attack you think you are dealing with...
- A message saying "I could help you if you want. Let me know if that's the case". And of course, be ready to back this statement. ;-)

Important: If you don't get an answer in a reasonable time (i.e. 2 or 3 days), resend the message, and this time, send a copy to the carrier of your "attack source". You can figure this out using traceroute and whois. :-)

Hope this helps. :-)

Best regards.

--
Martin Humberto Hoz Salvador
Information Security Consultant (ISS ICU, Check Point CCSE)
Corporacion en Investigacion Tecnologica e Informatica SA de CV
Sendero Sur 285-A Col. Contry, Monterrey Nuevo Leon 64860, Mexico
Phone: +(52)(8) 357-2267 x135
Fax: +(52)(8) 357-8047
E-mail: mhoz () citi com mx
WWW: http://www.citi.com.mx
PGPKey ID: 0x0454E8D9
ICQ Number: 31631540
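
An added example, not part of the original post: a Python sketch that builds a notification body with the fields listed above (source and destination IPs and ports, start and end times with an explicit timezone, how the activity was detected, the suspected kind of attack) from firewall log lines. The log format, the addresses (documentation ranges) and the function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample: firewall drop log in local time (UTC-6); not real data.
SAMPLE_LOG = """\
2001-01-24 13:02:11 DROP tcp 192.0.2.45:4312 -> 198.51.100.10:23
2001-01-24 13:02:12 DROP tcp 192.0.2.45:4313 -> 198.51.100.10:111
2001-01-24 13:05:40 DROP tcp 192.0.2.45:4390 -> 198.51.100.11:23
2001-01-24 13:07:02 DROP udp 203.0.113.9:53 -> 198.51.100.10:1025
"""

LINE_RE = re.compile(r"(\S+ \S+) DROP (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")

def summarize(log_text, source_ip, utc_offset_hours):
    """Collect ports, targets and the time window for one source IP."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    times, src_ports, targets = [], set(), set()
    for m in LINE_RE.finditer(log_text):
        stamp, proto, sip, sport, dip, dport = m.groups()
        if sip != source_ip:
            continue
        local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
        times.append(local)
        src_ports.add(int(sport))
        targets.add((dip, int(dport), proto))
    if not times:
        return None
    return {"source_ip": source_ip, "start": min(times), "end": max(times),
            "src_ports": sorted(src_ports), "targets": sorted(targets),
            "events": len(times)}

def _stamp(t):  # local time with its UTC offset, plus the same instant in UTC
    utc = t.astimezone(timezone.utc)
    return f"{t:%Y-%m-%d %H:%M:%S %z} ({utc:%Y-%m-%d %H:%M:%S} UTC)"

def render(summary, detected_by, suspected):
    """Render the plain-text body; sign it with PGP before sending."""
    lines = [
        "Hello,", "",
        f"Our {detected_by} recorded {summary['events']} connection attempts "
        f"from {summary['source_ip']}, an address in your network.", "",
        f"Start: {_stamp(summary['start'])}",
        f"End:   {_stamp(summary['end'])}",
        f"Source ports: {', '.join(map(str, summary['src_ports']))}",
        "Destinations:",
        *[f"  {ip}:{port}/{proto}" for ip, port, proto in summary["targets"]],
        "", f"This looks to us like: {suspected}.",
        "I could help you if you want. Let me know if that's the case.",
    ]
    return "\n".join(lines)
```

Printing `render(summarize(SAMPLE_LOG, "192.0.2.45", -6), "firewall logs", "a port scan")` gives a body in which every timestamp carries both the local offset and UTC, so the receiving admin can match it against their own logs.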