Security Incidents mailing list archives

RE: Proper ISP Reporting

From: "Lepich, Jesse A Mr GLWACH" <Jesse.Austin.Lepich () us army mil>
Date: Tue, 16 Aug 2005 23:09:01 -0500

Below is what Dshield's FightBack system sends.
        
Hope this helps,
        Jesse Lepich


[snip]

Hi.

   A user of DShield.org, the Distributed Intrusion Detection System,
submitted a log excerpt which indicates a probe from one of your users.
 Please notify the user and take appropriate actions to avoid further
problems.

   Details (not all users submit flags and protocol):

   Source IP: SSS.SSS.SSS.SSS (port: 2239)
   Target IP: DDD.DDD.DDD.DDD (port: 445)
   Protocol: 6 (Flags: S )
   Time: 2005-01-29 14:54:08 (GMT)

   Hostname: SSS.SSS.SSS.SSS.xxx.xxxxxxxxx.xxx


   Sample logs as submitted:
     (not all submitters permit forwarding of the target IP. Some may be
      withheld or obfuscated by using '10' as first byte)

2005-01-29 14:54:08 GMT SSS.SSS.SSS.SSS => DDD.DDD.DDD.DDD


   All Logs:
   http://www.dshield.org/ipdetails.php?ip= (Source IP + and ID code
that allows the reciepient to see the target IP)

   targets. This report includes one sample of these records.

   This report was submitted to Dshield.org by XXXXXXX () XXXXXX XXX

   For more information about DShield see http://www.dshield.org
   Please let us know if you would not like any further notices from
DShield.org
   or if you would prefer a different format.

   You have permission to share this information to facilitate a
solution
   of this problem.

    Thanks.

        fightback () dshield org
        http://www.dshield.org/fightback.html

IMPORTANT: If you require further assistance, please reply and add the
word 'URGENT' to the subject. Please include this full email in your
reply.

 [snip]

-----Original Message-----
From: Jason Burton [mailto:jab () leximedia net] 
Sent: Tuesday, August 16, 2005 9:02 PM
To: incidents () securityfocus com
Subject: Proper ISP Reporting

Anyone have samples of how to properly report to ISP's regarding abuse?
 
ie. What format the email should be in, sample phrases, or sentences
that might help. I've been doing this for a while and while some work,
some have not. Im wondering if anyone has examples.
 
Thanks
 
Jason Burton
Leximedia LLC
jab () leximedia net

Current thread:

Proper ISP Reporting Jason Burton (Aug 16)
- Re: Proper ISP Reporting chip (Aug 17)
- RE: Proper ISP Reporting Ramki B (Aug 17)
- Re: Proper ISP Reporting Rod Barnhart (Aug 17)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 17)
- RE: Proper ISP Reporting Lyal Collins (Aug 17)
- <Possible follow-ups>
- Re: Proper ISP Reporting Brandon Butterworth (Aug 17)
  - Re: Proper ISP Reporting Leif Ericksen (Aug 19)
    - Re: Proper ISP Reporting Valdis . Kletnieks (Aug 22)
- RE: Proper ISP Reporting Lepich, Jesse A Mr GLWACH (Aug 17)
- RE: Proper ISP Reporting McKinley, Jackson (Aug 18)
  - RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
    - Re: Proper ISP Reporting Dennis Willson (Aug 22)
- RE: Proper ISP Reporting Swen Wulf (Aug 19)