Security Incidents mailing list archives

Positive response from provider re: incident report


From: Sean Brown <srbrown () APPGEO COM>
Date: Thu, 8 Feb 2001 16:20:00 -0500

It's nice to occasionally get a response like the one below.  After five
months, I'm surprised they even bothered to get back to me.  Let's hope
this teaches them a lesson and they never do it again...yeah, right ;-)

--
~~~~~~~~~~~~~~~
Sean R. Brown - srbrown () appgeo com
System Administrator   Applied Geographics, Inc.   Boston, MA

-------- Original Message --------
Subject: MailID: 1254775 RE: Netabuse / Network scan detect
Date: Thu, 8 Feb 2001 14:22:43 -0700 (MST)
From: "Bellsouth.Net ABUSE" <abuse () bellsouth net>
To: srbrown () nyx net


Thank you for taking your time to contact BellSouth Internet Service.  We
appreciate the opportunity to address your concerns because it is our goal
to provide the highest quality Internet service available.

In accordance with BellSouth Internet Service's Acceptable Use Policy, this
customer's BellSouth Internet Service account is no longer active.

Again, thank you for your time and for this opportunity to help you resolve this
issue.

Amie
abuse () bellsouth net

----------Original Message----------

Greetings,
On Oct 28 10:21:40 GMT-4 we detected a scan of TCP port 21 (FTP)
in part of our network.  This scan appears to have originated from
208.61.44.215 (adsl-61-44-215.mia.bellsouth.net).

Log Entries:
============
Oct 28 10:21:40 zion snort[23136]: spp_portscan: PORTSCAN DETECTED from 208.61.44.215 (STEALTH)
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.100:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.101:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.102:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.104:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.103:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.106:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.105:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.107:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.110:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.120:21
Oct 28 10:21:41 zion snort[23136]: IDS198 - SCAN-SYN FIN: 208.61.44.215:21 -> x.y.z.125:21
Oct 28 10:21:54 zion snort[23136]: spp_portscan: portscan status from 208.61.44.215: 11 connections across 11 hosts: TCP(11), UDP(0) STEALTH
Oct 28 10:21:58 zion snort[23136]: spp_portscan: End of portscan from 208.61.44.215: TOTAL time(1s) hosts(11) TCP(11) UDP(0) STEALTH
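
The following Python example is added here and is not part of the original report or the list archive: it parses Snort syslog lines in the format quoted in the report, rejoins records that mail wrapping has split across lines, and summarizes each source that touched several hosts, which is the evidence an abuse desk needs. The sample addresses (documentation ranges), the `min_hosts` threshold and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted above (documentation addresses).
SAMPLE = """\
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 198.51.100.7:21 -> 192.0.2.100:21
Oct 28 10:21:40 zion snort[23136]: IDS198 - SCAN-SYN FIN: 198.51.100.7:21 -> 192.0.2.101:21
Oct 28 10:21:41 zion snort[23136]: IDS198 - SCAN-SYN FIN: 198.51.100.7:21 -> 192.0.2.101:21
Oct 28 10:21:41 zion snort[23136]: IDS198 - SCAN-SYN FIN: 198.51.100.7:21 -> 192.0.2.125:21
Oct 28 10:21:42 zion snort[23136]: IDS198 - SCAN-SYN FIN: 203.0.113.9:1042 -> 192.0.2.5:80
Oct 28 10:21:58 zion snort[23136]: spp_portscan: End of portscan from 198.51.100.7: TOTAL time(1s) hosts(3) TCP(3) UDP(0) STEALTH
"""

# A record starts "<Mon> <day> <hh:mm:ss> <host> snort[pid]: "; used to undo mail wrapping.
RECORD = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ snort\[\d+\]: ")
# Per-packet alert body: "<signature>: src:sport -> dst:dport"
ALERT = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ snort\[\d+\]: (?P<sig>.+?): "
                   r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def unwrap(text):
    """Rejoin records that a mail client wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text, min_hosts=3):
    """Group per-packet alerts by source; keep sources that touched >= min_hosts hosts."""
    seen = defaultdict(lambda: {"hosts": set(), "ports": set(), "times": []})
    for rec in unwrap(text):
        m = ALERT.match(rec)
        if not m:
            continue  # spp_portscan status lines carry no per-target detail
        entry = seen[m["src"]]
        entry["hosts"].add(m["dst"])
        entry["ports"].add(int(m["dport"]))
        entry["times"].append(m["ts"])
    return {src: {"hosts": len(e["hosts"]), "ports": sorted(e["ports"]),
                  "first": e["times"][0], "last": e["times"][-1]}
            for src, e in seen.items() if len(e["hosts"]) >= min_hosts}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

Syslog timestamps carry no year or time zone, so a report built from this summary should state both, as the message above does with "GMT-4".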


