Security Incidents mailing list archives

RE: Proper ISP Reporting


From: "Ramki B" <bramkie () gmail com>
Date: Wed, 17 Aug 2005 10:02:52 +0530

Hi

They generally tend to ignore mail which has incomplete information. So far
my experiences have always brought in results. Abuses generally found are
spam and malicious activity like hacking attempts, Trojans, etc.

If you are talking about spam, do some investigation using available tools
like:

http://abuse.net/tools.html 

SamSpade is a good tool and as far as I know there is no specific format for
reporting except that the mail should contain maximum information and the
mail headers and should be in plain text.


If you are talking about some malicious activity targeting your network:

1. Find out details of the origin like their ISP, IP address, source port,
destination port, etc., and collect as much information as you can about the
activity and the originating network.

2. Write an email to the ISP of the originating network/domain describing your
observation and tell them how it is seen as a threat to your network, and
include the details you had dug up.

3. Most networks/domains have an email ID to which you can direct your
concerns, complaints, etc.; write to them also.

But generally mail to the ISP works. These sites can help you in this:

http://www.arin.net/whois/
http://www.arin.net/abuse.html
http://www.iana.org/assignments/port-numbers

Hope this helps..

Regards
Ramki B 

-----Original Message-----
From: Jason Burton [mailto:jab () leximedia net] 
Sent: Wednesday, August 17, 2005 7:32 AM
To: incidents () securityfocus com
Subject: Proper ISP Reporting

Anyone have samples of how to properly report to ISPs regarding abuse?

i.e. What format the email should be in, sample phrases, or sentences that
might help. I've been doing this for a while and while some work, some have
not. I'm wondering if anyone has examples.
 
Thanks
 
Jason Burton
Leximedia LLC
jab () leximedia net
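
Added example (not part of either message): one way to turn the details listed in steps 1 and 2 of the reply into a plain-text report. The log format, the addresses (documentation ranges), the `abuse@isp.example` contact and the conversion of timestamps to UTC are assumptions of this example; the real abuse contact comes from the whois lookup the reply points to.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from email.message import EmailMessage

# Constructed sample firewall log (hypothetical format, documentation addresses).
SAMPLE_LOG = """\
2005-08-17T09:58:01+05:30 DROP TCP 192.0.2.45:4312 -> 198.51.100.10:22
2005-08-17T09:58:03+05:30 DROP TCP 192.0.2.45:4313 -> 198.51.100.10:22
2005-08-17T10:01:40+05:30 DROP TCP 192.0.2.45:4390 -> 198.51.100.10:3389
2005-08-17T10:02:11+05:30 DROP UDP 203.0.113.9:53 -> 198.51.100.10:1026
not a log line
"""
LINE = re.compile(r"(\S+) DROP (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def parse_events(log_text):
    """Group events by source IP, with timestamps normalized to UTC."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # incomplete lines would only weaken the report
        ts, proto, src, sport, dst, dport = m.groups()
        utc = datetime.fromisoformat(ts).astimezone(timezone.utc)
        events[src].append((utc, proto, int(sport), dst, int(dport)))
    return events

def build_report(src_ip, rows, abuse_to, reporter):
    """Build a text/plain message carrying origin, ports, times and raw evidence."""
    rows = sorted(rows)
    ports = sorted({r[4] for r in rows})
    fmt = "%Y-%m-%d %H:%M:%S"
    body = [
        f"Unsolicited traffic from {src_ip} reached our network.",
        f"Events: {len(rows)}",
        f"First seen: {rows[0][0].strftime(fmt)} UTC",
        f"Last seen:  {rows[-1][0].strftime(fmt)} UTC",
        f"Destination ports: {', '.join(map(str, ports))}",
        "", "Log excerpt (all times UTC):",
    ]
    body += [f"{t.strftime(fmt)} {p} {src_ip}:{sp} -> {d}:{dp}" for t, p, sp, d, dp in rows]
    msg = EmailMessage()
    msg["From"], msg["To"] = reporter, abuse_to
    msg["Subject"] = f"Abuse report: {src_ip} ({len(rows)} events, ports {'/'.join(map(str, ports))})"
    msg.set_content("\n".join(body))  # plain text only, no HTML part
    return msg

if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    print(build_report("192.0.2.45", ev["192.0.2.45"], "abuse@isp.example", "noc@reporter.example"))
```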

