Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Template Admin Notification)

From: David Kennedy CISSP <david.kennedy () ACM ORG>
Date: Wed, 24 Jan 2001 12:49:32 -0500
-----BEGIN PGP SIGNED MESSAGE-----

At 08:09 AM 1/24/01 -0800, Alfred Huger wrote:

Does anyone on the list have a default template email they use to
notify admins of attacks from their networks?


Subject: Security Probe Report

One of my systems received a probe **** that appeared to come from a
system on a network for which you may have responsibility.  This may
be an acceptable use policy/terms of service violation and you may
choose to inquire and act as you see fit.  I do not expect a reply.

This is my log entry:

Date:
Time:
Attack Type:
Intruder IP:
Intruder Name:
Source Port:
Victim IP:
Destination Port:

(**** is a place holder for a brief characterization of the probe, eg
nmap scan, RPC port probe, portscan etc.)


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: How long has it been since you backed up your hard drive?

iQCVAwUBOm8VqvGfiIQsciJtAQFoCgP/XEdIvcVs8KnZNiwOPqUKudGWJ7pI70G4
TjXSokPe3VWMOZdNLIzShlj9zy315lBy/hcREgqx+DIsGWk0fThEzOc1JRIg5y2f
2S4T64QKSQOcuC5wp6TxZWoH8GBPKN58VW90YuI52/1oc6kwDzPYCv2TjpqhR7TT
3xLN5m8KBYQ=
=cwee
-----END PGP SIGNATURE-----

--
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.
Previous By Date Next
Previous By Thread Next

Current thread: