RE: Proper ISP Reporting

From: Lepich, Jesse A Mr GLWACH (Jesse.Austin.Lepich_at_us.army.mil)
Date: 08/17/05

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Proper ISP Reporting" 
    Date: Tue, 16 Aug 2005 23:09:01 -0500
To: "Jason Burton" <jab@leximedia.net>, <incidents@securityfocus.com>

    Below is what Dshield's FightBack system sends.
            
    Hope this helps,
            Jesse Lepich

    [snip]

    Hi.

       A user of DShield.org, the Distributed Intrusion Detection System,
    submitted a log excerpt which indicates a probe from one of your users.
     Please notify the user and take appropriate actions to avoid further
    problems.

       Details (not all users submit flags and protocol):

       Source IP: SSS.SSS.SSS.SSS (port: 2239)
       Target IP: DDD.DDD.DDD.DDD (port: 445)
       Protocol: 6 (Flags: S )
       Time: 2005-01-29 14:54:08 (GMT)

       Hostname: SSS.SSS.SSS.SSS.xxx.xxxxxxxxx.xxx

       Sample logs as submitted:
         (not all submitters permit forwarding of the target IP. Some may be
          withheld or obfuscated by using '10' as first byte)

    2005-01-29 14:54:08 GMT SSS.SSS.SSS.SSS => DDD.DDD.DDD.DDD

       All Logs:
       http://www.dshield.org/ipdetails.php?ip= (Source IP + and ID code
    that allows the reciepient to see the target IP)

       targets. This report includes one sample of these records.

       This report was submitted to Dshield.org by XXXXXXX@XXXXXX.XXX

       For more information about DShield see http://www.dshield.org
       Please let us know if you would not like any further notices from
    DShield.org
       or if you would prefer a different format.

       You have permission to share this information to facilitate a
    solution
       of this problem.

        Thanks.

            fightback@dshield.org
            http://www.dshield.org/fightback.html

    IMPORTANT: If you require further assistance, please reply and add the
    word 'URGENT' to the subject. Please include this full email in your
    reply.

     [snip]

    -----Original Message-----
    From: Jason Burton [mailto:jab@leximedia.net]
    Sent: Tuesday, August 16, 2005 9:02 PM
    To: incidents@securityfocus.com
    Subject: Proper ISP Reporting

    Anyone have samples of how to properly report to ISP's regarding abuse?
     
    ie. What format the email should be in, sample phrases, or sentences
    that might help. I've been doing this for a while and while some work,
    some have not. Im wondering if anyone has examples.
     
    Thanks
     
    Jason Burton
    Leximedia LLC
    jab@leximedia.net

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Proper ISP Reporting"