Security Incidents mailing list archives
Positive response from provider re: incident report
From: Sean Brown <srbrown () APPGEO COM>
Date: Thu, 8 Feb 2001 16:20:00 -0500
It's nice to occasionally get a response like the one below. After five months, I'm surprised they even bothered to get back to me. Let's hope this teaches them a lesson and they never do it again...yeah, right ;-) -- ~~~~~~~~~~~~~~~ Sean R. Brown - srbrown () appgeo com System Administrator Applied Geographics, Inc. Boston, MA
-------- Original Message -------- Subject: MailID: 1254775 RE: Netabuse / Network scan detect Date: Thu, 8 Feb 2001 14:22:43 -0700 (MST) From: "Bellsouth.Net ABUSE" <abuse () bellsouth net> To: srbrown () nyx net Thank you for taking your time to contact BellSouth Internet Service. We appreciate the opportunity to address your concerns because it is our goal to provide the highest quality Internet service available. In accordance with BellSouth Internet Service's Acceptable Use Policy, this customer's BellSouth Internet Service account is no longer active. Again, thank you for your time and for this opportunity to help you resolve this issue. Amie abuse () bellsouth net ----------Original Message---------- Greetings, On Oct 28 10:21:40 GMT-4 we detected a scan of TCP port 21 (FTP) in part of our network. This scan appears to have originated from 208.61.44.215 (adsl-61-44-215.mia.bellsouth.net). Log Entries: ============ Oct 28 10:21:40 zion snort[23136]: spp_portscan: PORTSCAN DETECTED from 208.61.44.215 (STEALTH) Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.100:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.101:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.102:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.104:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.103:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.106:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.105:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.107:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.110:21 Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.120:21 Oct 28 10:21:41 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.125:21 Oct 28 10:21:54 zion snort[23136]: spp_portscan: portscan status from 208.61.44.215: 11 connections across 11 hosts: TCP(11), UDP(0) STEALTH Oct 28 10:21:58 zion snort[23136]: spp_portscan: End of portscan from 208.61.44.215: TOTAL time(1s) hosts(11) TCP(11) UDP(0) STEALTH
Current thread:
- Positive response from provider re: incident report Sean Brown (Feb 10)
- <Possible follow-ups>
- Re: Positive response from provider re: incident report Mark Challender (Feb 10)
- Re: Positive response from provider re: incident report Dave Salovesh (Feb 12)