nanog mailing list archives
EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx
From: Alex Rubenstein <alex () nac net>
Date: Fri, 26 Oct 2001 09:03:01 -0400 (Eastern Daylight Time)
Pursuant to my previous post, I just rec'd this. Not exactly the same, but very similar. Kind of my point; SO WHAT THAT THIS PERSON WAS SCANNED? Is scanning actually an illegal activity? Was anything actually hacked, cracked, or 0wn3d? It's an absurd waste of resources to be emailed by automagic systems every time someone sends a stray packet. -- Alex Rubenstein, AR97, K2AHR, alex () nac net, latency, Al Reuben -- -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net -- ---------- Forwarded message ---------- Date: Fri, 26 Oct 2001 04:50:27 -0600 (MDT) From: Super-User <root () xx xx net> To: "dnsadmin () NAC NET" <dnsadmin () NAC NET> Subject: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx ### This email was generated by so-and-so Canada's network intrusion detection system. Please forward to your Internet security personnel if you are not the appropriate person to receive this notice. so-and-so Canada, located in Calgary, Alberta Canada, wishes to inform you that we experienced a probe or scan from your IP space. LOGGED INFORMATION: -------------------------- Source: 209.123.x.229 Destination: Host-x.x.19.254 Date: 26Oct2001 Time: 4:50:23 (Local Calgary Time GMT-7) Service/Protocol: http -------------------------- This notification has been sent to: alex () NAC NET dnsadmin () NAC NET abuse () NAC NET Because we view this activity as possible intent to breach security, we ask you to review your logs and take appropriate action against the offending party responsible for this suspicious activity. Please respond to xx () xx net for any issues concerning this. You may also visit our Intrusion Detection Information website at: http://x.x.19.11/intrusion_detection Thank you. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jim bleh Senior Unix Network Analyst xxx Canada Calgary, AB Canada (403) xxx-yyyy
Current thread:
- EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Alex Rubenstein (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Valdis . Kletnieks (Oct 26)
- RE: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Vivien M. (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Dan Hollis (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Alex Rubenstein (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Christopher A. Woodfield (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Alex Rubenstein (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Adam McKenna (Oct 26)
- <Possible follow-ups>
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Dan Hollis (Oct 26)