Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Template Admin Notification

From: Glenn Forbes Fleming Larratt <glratt () IO COM>
Date: Wed, 24 Jan 2001 14:39:23 -0600
On Wed, 24 Jan 2001, Alfred Huger wrote:


Does anyone on the list have a default template email they use to notify
admins of attacks from their networks?


We send:
================================================================

Suject: Network abuse from {IP_number}

Sirs,

        Enclosed below please find logs of an attempt to probe our
        network using {well_known_service_name_or_other_description}.

        We have, as a temporary security measure, blocked access
        from this netblock into our network. Please advise us what
        action you will be taking to prevent this from happening again.
        Please reply so that we may take steps to remove the block.

        The timestamps in our logs are from the *mumble* Time Zone, which
        is:

        - ### (GMT #####) from 2 a.m. the first Sunday of April
        through 2 a.m. the last Sunday of October (Daylight Saving
        Time);
        - ### (GMT #####) during the rest of the year (Standard Time).

Sincerely,
--
                                Network Management Department
================================================================
...and then append (a) the applicable IP address space registration from
ARIN or elsewhere, and (b) the complete logs of the scan or other abuse.

        -g



I would be interested in seeing them posted to the list (or to myself
directly if that's not possible).

Cheers,
-al

"Vae Victis"
SecurityFocus.com



--
Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
glratt () io com                        http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.
Previous By Date Next
Previous By Thread Next

Current thread: