Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: auto-reporting to ISPs

From: webhunter () CGOCABLE CA (WebHunter)
Date: Thu, 2 Mar 2000 10:56:23 -0500

Hello,
            I'm working at a I.S.P. in Québec and this kind of feature will
be good because many user dont know how to report a attack but i was
thinking more like you clic on the intruder with the right button of the
mouse and in menu you have the feature "report the intruder" that make a
custom e-mail with all the attack that was attemp by this user a log of that
will be sent with e-mail with all information and the evidence log. The user
will just have to put the e-mail address of is choice to report that
intruder to match the isp of the intruder and may be a copy to is own isp

_________________________________
Christian Lefebvre
Préposé Multimédia
Service Internet Rapidus de Cogéco Cable
Tél.: (819) 375-7274
Tél.: 1-877-727-4387
http://www.rapidus.net/
E-Mail: tribune.client () cgocable ca

-----Message d'origine-----
De: Robert Graham <bugtraq () NETWORKICE COM>
À: INCIDENTS () SECURITYFOCUS COM <INCIDENTS () SECURITYFOCUS COM>
Date: 2 mars, 2000 03:14
Objet: auto-reporting to ISPs


Below is an e-mail from a customer who would like to see us add an
auto-email feature to our product in order to notify the ISP of the
offending hacker. This is pretty funny because we've already seen some
complaints by ISPs from such a feature in other products appear on this

list

over the past couple of days.

Could abuse@isp people please send me e-mail:
* what is the proper way a product like BlackICE Defender should assist the
user in reporting such events?
* what should I tell this user about why we haven't put such a simple
feature into the product?

Thanks,
Robert Graham
CTO/Network ICE


-----Original Message-----
From: <namedeleted>@home.com
Sent: Friday, February 25, 2000 7:24 AM
To: webmaster () networkice com
Subject: knowledge base


I think your knowledge base is quite well written
however on several questions you have said this is
a common occurrance by hackers and should not be
of concern.  If it is common, shouldn't it be
referred to someone for some sort of action?  A
hacker scanning for a trojan is like a kid checking
the locks on store doors after dark or a drunk
checking his pockets for car keys, maybe not illegal
but the next step will be.  Consider adding to your fine
program a e-mail form where after checking the
domain out, a e-mail can be set to the ISP describing
the action (and if it did an autolookup with internic
then it would be really slick)
Previous By Date Next
Previous By Thread Next

Current thread: