Re: Template Admin Notification

["Irwin R. Naumann" <irwin () THINKAGE CA>]

> From owner-incidents () SECURITYFOCUS COM  Thu Jan 25 13:18:06 2001
> Approved-By: ah () SECURITYFOCUS COM
> Delivered-To: incidents () lists securityfocus com
> Delivered-To: INCIDENTS () SECURITYFOCUS COM
> MIME-Version: 1.0
> Content-Type> : > text/plain> ; > charset=us-ascii>
> Date:         Thu, 25 Jan 2001 06:47:20 -0800
> Reply-To: Tim <timv2000 () YAHOO COM>
> Sender: Incidents Mailing List <INCIDENTS () SECURITYFOCUS COM>
> From: Tim <timv2000 () YAHOO COM>
> Subject:      Re: Template Admin Notification
> To: INCIDENTS () SECURITYFOCUS COM
> Content-Length: 1336
>
> IMHO, If you're really serious about helping stop whoever is attacking
> you, rather than ckecking the "I tried to contact them" box, you should be
> using other than e-mail to contact someone who's host sends malicious
> traffic at your site.
>
> 1.  You are most likely seeing traffic from a compromised system.
>
> 2.  If you suspect that the system is compromised, whoever compromised the
> system may see or intercept your email message giving them ample
> opportunity to clean up after themselves.
>
> 3.  Even if whois doesn't have a phone number, it only takes about 2 more
> minutes to find one.
>
> 4.  The fact that you took the time to call sends the message that this
> matters to you, and that you care about your system's security far more
> strongly than a form letter.
>
> Tim

Tim, what do you do when there's:

i) a language barrier?
i.e. traffic originates from <country-whose-language-you-can't-communicate-in>

or

ii) there's a huge difference in time zones?
i.e. Australia and North American Eastern time.

I don't know about you but my boss wouldn't be too pleased about footing
a long distance call to Australia, Singapore, Hong Kong, Japan, Europe, ...

  Irwin