Security Incidents mailing list archives
RE: Proper ISP Reporting
From: "Lepich, Jesse A Mr GLWACH" <Jesse.Austin.Lepich () us army mil>
Date: Tue, 16 Aug 2005 23:09:01 -0500
Below is what Dshield's FightBack system sends. Hope this helps, Jesse Lepich [snip] Hi. A user of DShield.org, the Distributed Intrusion Detection System, submitted a log excerpt which indicates a probe from one of your users. Please notify the user and take appropriate actions to avoid further problems. Details (not all users submit flags and protocol): Source IP: SSS.SSS.SSS.SSS (port: 2239) Target IP: DDD.DDD.DDD.DDD (port: 445) Protocol: 6 (Flags: S ) Time: 2005-01-29 14:54:08 (GMT) Hostname: SSS.SSS.SSS.SSS.xxx.xxxxxxxxx.xxx Sample logs as submitted: (not all submitters permit forwarding of the target IP. Some may be withheld or obfuscated by using '10' as first byte) 2005-01-29 14:54:08 GMT SSS.SSS.SSS.SSS => DDD.DDD.DDD.DDD All Logs: http://www.dshield.org/ipdetails.php?ip= (Source IP + and ID code that allows the reciepient to see the target IP) targets. This report includes one sample of these records. This report was submitted to Dshield.org by XXXXXXX () XXXXXX XXX For more information about DShield see http://www.dshield.org Please let us know if you would not like any further notices from DShield.org or if you would prefer a different format. You have permission to share this information to facilitate a solution of this problem. Thanks. fightback () dshield org http://www.dshield.org/fightback.html IMPORTANT: If you require further assistance, please reply and add the word 'URGENT' to the subject. Please include this full email in your reply. [snip] -----Original Message----- From: Jason Burton [mailto:jab () leximedia net] Sent: Tuesday, August 16, 2005 9:02 PM To: incidents () securityfocus com Subject: Proper ISP Reporting Anyone have samples of how to properly report to ISP's regarding abuse? ie. What format the email should be in, sample phrases, or sentences that might help. I've been doing this for a while and while some work, some have not. Im wondering if anyone has examples. Thanks Jason Burton Leximedia LLC jab () leximedia net
Current thread:
- Proper ISP Reporting Jason Burton (Aug 16)
- Re: Proper ISP Reporting chip (Aug 17)
- RE: Proper ISP Reporting Ramki B (Aug 17)
- Re: Proper ISP Reporting Rod Barnhart (Aug 17)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 17)
- RE: Proper ISP Reporting Lyal Collins (Aug 17)
- <Possible follow-ups>
- Re: Proper ISP Reporting Brandon Butterworth (Aug 17)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 22)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- RE: Proper ISP Reporting Lepich, Jesse A Mr GLWACH (Aug 17)
- RE: Proper ISP Reporting McKinley, Jackson (Aug 18)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
- Re: Proper ISP Reporting Dennis Willson (Aug 22)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
- RE: Proper ISP Reporting Swen Wulf (Aug 19)