RE: Proper ISP Reporting

From: Lepich, Jesse A Mr GLWACH (
Date: 08/17/05

  • Next message: "Re: Proper ISP Reporting"
    Date: Tue, 16 Aug 2005 23:09:01 -0500
    To: "Jason Burton" <>, <>

    Below is what Dshield's FightBack system sends.
    Hope this helps,
            Jesse Lepich



       A user of, the Distributed Intrusion Detection System,
    submitted a log excerpt which indicates a probe from one of your users.
     Please notify the user and take appropriate actions to avoid further

       Details (not all users submit flags and protocol):

       Source IP: SSS.SSS.SSS.SSS (port: 2239)
       Target IP: DDD.DDD.DDD.DDD (port: 445)
       Protocol: 6 (Flags: S )
       Time: 2005-01-29 14:54:08 (GMT)


       Sample logs as submitted:
         (not all submitters permit forwarding of the target IP. Some may be
          withheld or obfuscated by using '10' as first byte)

    2005-01-29 14:54:08 GMT SSS.SSS.SSS.SSS => DDD.DDD.DDD.DDD

       All Logs: (Source IP + and ID code
    that allows the reciepient to see the target IP)

       targets. This report includes one sample of these records.

       This report was submitted to by XXXXXXX@XXXXXX.XXX

       For more information about DShield see
       Please let us know if you would not like any further notices from
       or if you would prefer a different format.

       You have permission to share this information to facilitate a
       of this problem.



    IMPORTANT: If you require further assistance, please reply and add the
    word 'URGENT' to the subject. Please include this full email in your


    -----Original Message-----
    From: Jason Burton []
    Sent: Tuesday, August 16, 2005 9:02 PM
    Subject: Proper ISP Reporting

    Anyone have samples of how to properly report to ISP's regarding abuse?
    ie. What format the email should be in, sample phrases, or sentences
    that might help. I've been doing this for a while and while some work,
    some have not. Im wondering if anyone has examples.
    Jason Burton
    Leximedia LLC

  • Next message: "Re: Proper ISP Reporting"