Security Incidents mailing list archives
Re: How to cope with, uhm, "mentally challenged" abuse personnel?
From: Justin Shore <macdaddy () NEO PITTSTATE EDU>
Date: Tue, 6 Mar 2001 12:31:56 -0600
On 3/6/01 5:18 AM Ralf G. R. Bergs said...
On Sat, 3 Mar 2001 15:07:43 -0600, Blake Frantz wrote:A UU.net *router* was trying to communicate with one of our core routers via TCP on a wide range of arbitraty ports. When asked, UU.net responded with "The type of internet traffic you describe appears to be of normal origin." and referred me to RFC 792 (ICMP) - I almost fell off my chair. None theThis is the same thing they *always* do to me, and most scans I need to report are RPC and FTP scans.less, after we recieved their response the activity stopped. Purhaps this is the same in your case, a first level abuse manager sends out a generic email to passify wouldbe admins and escalates the incident. Just a thought.*Sometimes* the activity stopped, but I had some cases where the activity went on for days, so I had to black-hole that subnet. But that can't be an optimal solution, don't you agree? I can't start to blackhole everyone, because some day I hamper my users in their work... :-(
I've had to report probes to UUnet before. The best method I found was to first send the standard email with all the neccessary info (logs, description of the problem, etc...), wait 10 minutes, and then call them. I reference the email I sent and say that the problem is continuous and ask for a resolution. I usually have pretty good luck with that method. Probes from UUnet are almost as common as spam from UUnet. :( Justin -- Justin Shore, ES Pittsburg State University Network & Systems Manager Kelce 157Q Office of Information Systems Pittsburg, KS 66762 Voice: (620) 235-4606 Fax: (620) 235-4545 http://www.pittstate.edu/ois/ Warning: This message has been quadruple Rot13'ed for your protection.
Current thread:
- Re: How to cope with, uhm, "mentally challenged" abuse personnel?, (continued)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Utopian Admin (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Blake Frantz (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Gary Maltzen (Mar 04)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Nicholas Bachmann (Mar 06)
- FW: How to cope with, uhm, "mentally challenged" abuse personnel? Tyrannis Von Nettesheim (Mar 05)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Travis Pugh (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Justin Shore (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Utopian Admin (Mar 03)