Security Incidents mailing list archives
Re: Proper ISP Reporting
From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Wed, 17 Aug 2005 08:20:56 +0100 (BST)
ie. What format the email should be in, sample phrases, or sentences that might help.
Keep it neutral, simple and informative. Don't threaten or tell them how evil they are, you want their cooperation Only tell them about things they can do something about Include all evidence, don't anonymise it. If you don't understand the evidence research it first, it may not be their fault. Ask the vendor of whatver tool reported the problem - you paid them not the ISP so they should be your first call.
I've been doing this for a while and while some work, some have not. Im wondering if anyone has examples.
We get lots from people running scripts automatically. Almost all are a waste of our time and may cause us to miss a genuine report. Common useless reports include - Reporting 419s or spam that refer to our web sites or include our domains/ip addresses as strings in the headers. The 419ers are dumb enough to send the same scams to us so we don't need you to tell us what they sent you. Reporting viruses we didn't send - doubly annoying to those of us not running commonly susceptible systems, we get the virus anyway from people forwarding or bouncing them to us. If your AV system doesn't know a virus forges the sender then get a new one as it's broken, if it emails a forged sender then disable all email to third parties as your reports will be still be ignored should you eventually get a proper one. Reporting our web site/dns server/streaming media server dossed you with 3 packets, is trying to take over your computer, probed your firewall, invaded your privacy. regards, brandon
Current thread:
- Proper ISP Reporting Jason Burton (Aug 16)
- Re: Proper ISP Reporting chip (Aug 17)
- RE: Proper ISP Reporting Ramki B (Aug 17)
- Re: Proper ISP Reporting Rod Barnhart (Aug 17)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 17)
- RE: Proper ISP Reporting Lyal Collins (Aug 17)
- <Possible follow-ups>
- Re: Proper ISP Reporting Brandon Butterworth (Aug 17)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 22)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- RE: Proper ISP Reporting Lepich, Jesse A Mr GLWACH (Aug 17)
- RE: Proper ISP Reporting McKinley, Jackson (Aug 18)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
- Re: Proper ISP Reporting Dennis Willson (Aug 22)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
- RE: Proper ISP Reporting Swen Wulf (Aug 19)