Security Incidents mailing list archives
Re: auto-reporting to ISPs
From: webhunter () CGOCABLE CA (WebHunter)
Date: Thu, 2 Mar 2000 10:56:23 -0500
Hello, I'm working at a I.S.P. in Québec and this kind of feature will be good because many user dont know how to report a attack but i was thinking more like you clic on the intruder with the right button of the mouse and in menu you have the feature "report the intruder" that make a custom e-mail with all the attack that was attemp by this user a log of that will be sent with e-mail with all information and the evidence log. The user will just have to put the e-mail address of is choice to report that intruder to match the isp of the intruder and may be a copy to is own isp _________________________________ Christian Lefebvre Préposé Multimédia Service Internet Rapidus de Cogéco Cable Tél.: (819) 375-7274 Tél.: 1-877-727-4387 http://www.rapidus.net/ E-Mail: tribune.client () cgocable ca -----Message d'origine----- De: Robert Graham <bugtraq () NETWORKICE COM> À: INCIDENTS () SECURITYFOCUS COM <INCIDENTS () SECURITYFOCUS COM> Date: 2 mars, 2000 03:14 Objet: auto-reporting to ISPs
Below is an e-mail from a customer who would like to see us add an auto-email feature to our product in order to notify the ISP of the offending hacker. This is pretty funny because we've already seen some complaints by ISPs from such a feature in other products appear on this
list
over the past couple of days. Could abuse@isp people please send me e-mail: * what is the proper way a product like BlackICE Defender should assist the user in reporting such events? * what should I tell this user about why we haven't put such a simple feature into the product? Thanks, Robert Graham CTO/Network ICE -----Original Message----- From: <namedeleted>@home.com Sent: Friday, February 25, 2000 7:24 AM To: webmaster () networkice com Subject: knowledge base I think your knowledge base is quite well written however on several questions you have said this is a common occurrance by hackers and should not be of concern. If it is common, shouldn't it be referred to someone for some sort of action? A hacker scanning for a trojan is like a kid checking the locks on store doors after dark or a drunk checking his pockets for car keys, maybe not illegal but the next step will be. Consider adding to your fine program a e-mail form where after checking the domain out, a e-mail can be set to the ISP describing the action (and if it did an autolookup with internic then it would be really slick)
Current thread:
- Re: auto-reporting to ISPs WebHunter (Mar 02)