Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Template Admin Notification

From: Jim Littlefield <little () HKS COM>
Date: Wed, 24 Jan 2001 15:20:14 -0500
On Wed, Jan 24, 2001 at 12:56:57PM -0600, Robert G. Ferrell wrote:

Does anyone on the list have a default template email they use to notify
admins of attacks from their networks?


Here is an example of what we use:

On January 22, 2001, beginning at 16:23:38 EDT, someone connecting from
64-32-209-213.nyc1.phoenixdsl.net (64.32.209.213) made a scan of our
network. The source address belongs to a netblock assigned to Phoenix Data
Systems. I have included a copy of the logs from our firewall at the end
of this message.

We take network security very seriously and would like an explanation as
to why this scanning took place and what steps you will take to prevent
this from occurring in the future. Your prompt attention to this matter is
appreciated.


--
Jim Littlefield              "If all the nations in the world are
                              in debt, where did all the money
                              go?" - Steven Wright
Previous By Date Next
Previous By Thread Next

Current thread: