Security Basics mailing list archives

Re: ISP abuse reporting template


From: rohnskii () gmail com
Date: 5 Jan 2008 06:29:48 -0000

Generically, you are talking about part of Incident Response.  Search for that.

I don't have a specific form, but some of the info you want to include:

Your contact info
  - name, phone, email, IP address being attacked

- Dates and exact timestamps for each incident
- if you are using a timesync service from the internet, that would help too (you want to be able to coordinate your timestamps and theirs exactly).
- copies of packets in suspected attack, including full header info



Specifically, here are some links to check out:

http://www.first.org/about/ - the Forum of Incident Response and Security Teams.

http://www.informit.com/articles/article.aspx?p=21334&rl=1 - What to Do After the Break-in: Preparing an Incident Report for Law Enforcement.  This short article is focused on the cops, but much of it would be relevant to an ISP.

https://www.cert.org/reporting/incident_form.txt - CERT Incident reporting "form", covers part of info you need

https://irf.cc.cert.org/ - CERT online reporting system

http://www.forensicfocus.com/dim-incident-management-tool - I think you will find useful info here

Special Publication 800-61 - Computer Security Incident Handling Guide (148 pages of IR)
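
An added example, not part of the original post: one way to turn local firewall log lines into the report fields listed above, with every timestamp converted to UTC and corrected for a measured clock error so the ISP can line it up with its own logs. The log format, the UTC-5 zone, the 2-second clock error, the contact details and all function names are assumptions made for illustration; the addresses are documentation ranges.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample firewall log (local time, no zone recorded in the log).
SAMPLE_LOG = """\
2008-01-04 22:15:03 DROP TCP 203.0.113.45:40112 -> 192.0.2.10:22
2008-01-04 22:15:04 DROP TCP 203.0.113.45:40113 -> 192.0.2.10:22
not a log line
2008-01-04 23:59:58 DROP TCP 203.0.113.45:40207 -> 192.0.2.10:22
"""
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \w+ (\w+) "
                     r"([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def to_utc(local_stamp, utc_offset_hours, clock_fast_by_s=0.0):
    """Zone-less local stamp -> UTC; clock_fast_by_s = seconds the host clock runs ahead."""
    naive = datetime.strptime(local_stamp, "%Y-%m-%d %H:%M:%S")
    local = naive.replace(tzinfo=timezone(timedelta(hours=utc_offset_hours)))
    return (local - timedelta(seconds=clock_fast_by_s)).astimezone(timezone.utc)

def parse_incidents(log_text, utc_offset_hours, clock_fast_by_s=0.0):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    incidents = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamp, proto, src, sport, dst, dport = m.groups()
            incidents.append({
                "utc": to_utc(stamp, utc_offset_hours, clock_fast_by_s),
                "proto": proto, "src": src, "sport": int(sport),
                "dst": dst, "dport": int(dport)})
    return sorted(incidents, key=lambda i: i["utc"])

def build_report(contact, incidents, time_source):
    """Render the plain-text body: contact info, attacked IP, UTC incident list."""
    out = [f"Reporter: {contact['name']}, {contact['phone']}, {contact['email']}",
           f"IP address being attacked: {contact['ip']}",
           f"Time source: {time_source} (timestamps below are UTC)",
           "Incidents:"]
    for i in incidents:
        out.append(f"  {i['utc']:%Y-%m-%dT%H:%M:%SZ} {i['proto']} "
                   f"{i['src']}:{i['sport']} -> {i['dst']}:{i['dport']}")
    return "\n".join(out)

if __name__ == "__main__":
    me = {"name": "A. Admin", "phone": "+1 555 0100",
          "email": "admin@example.org", "ip": "192.0.2.10"}  # constructed
    print(build_report(me, parse_incidents(SAMPLE_LOG, -5, 2.0), "NTP"))
```

The source port is kept on each line because an ISP that shares addresses between customers may need it, along with the exact time, to identify the subscriber.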


