Security Incidents mailing list archives
RE: Proper ISP Reporting
From: "Ramki B" <bramkie () gmail com>
Date: Wed, 17 Aug 2005 10:02:52 +0530
Hi They generally tend to ignore mail which has incomplete information, so far my experiences have always brought in results, Abuse's generally found are, Spam and Malicious activity like Hacking attempts, Trojans etc. If you are talking about spam, do some investigation using available tools like: http://abuse.net/tools.html SamSpade is a good tool and as far as I know there is no specific format for reporting except that the mail should contain maximum information and the mail headers and should be in plain text. If you are talking about some malicious activity targeting your network: 1. Find out details of the origin like their ISP, IP address, Source port, Destination port etc..and collect as much information as you can about the activity and the originating network. 2. Write an email the ISP of the originating Network/domain describing your observation and tell them how it is seen as a threat to your network and include the details you had dug up. 3. Most networks/domains have a email ID to which you can direct your concerns, complaints etc. write to them also. But generally mail to the ISP works, these sites can help you in this: http://www.arin.net/whois/ http://www.arin.net/abuse.html http://www.iana.org/assignments/port-numbers Hope this helps.. Regards Ramki B -----Original Message----- From: Jason Burton [mailto:jab () leximedia net] Sent: Wednesday, August 17, 2005 7:32 AM To: incidents () securityfocus com Subject: Proper ISP Reporting Anyone have samples of how to properly report to ISP's regarding abuse? ie. What format the email should be in, sample phrases, or sentences that might help. I've been doing this for a while and while some work, some have not. Im wondering if anyone has examples. Thanks Jason Burton Leximedia LLC jab () leximedia net
Current thread:
- Proper ISP Reporting Jason Burton (Aug 16)
- Re: Proper ISP Reporting chip (Aug 17)
- RE: Proper ISP Reporting Ramki B (Aug 17)
- Re: Proper ISP Reporting Rod Barnhart (Aug 17)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 17)
- RE: Proper ISP Reporting Lyal Collins (Aug 17)
- <Possible follow-ups>
- Re: Proper ISP Reporting Brandon Butterworth (Aug 17)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 22)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- RE: Proper ISP Reporting Lepich, Jesse A Mr GLWACH (Aug 17)
- RE: Proper ISP Reporting McKinley, Jackson (Aug 18)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
- Re: Proper ISP Reporting Dennis Willson (Aug 22)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
(Thread continues...)