From: Jay D. Dyson (jdysonTREACHERY.NET)
Date: Wed Jan 24 2001 - 15:43:47 CST
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 24 Jan 2001, Alfred Huger wrote:
> Does anyone on the list have a default template email they use to notify
> admins of attacks from their networks?
> I would be interested in seeing them posted to the list (or to myself
> directly if that's not possible).
My template is pretty sparse compared to some. I stick with a
"Jack Webb" approach (Just the facts, ma'am).
I first receive the notice myself and, based on the severity of
the scan or earnest nature of the attack, decide whether to forward it
directly to the postmaster, abuse and security contacts, as well as
those designated in the ARIN, APNIC, RIPE (et al) database.
As an example, I scanned an internal system and generated this
On Wed Jan 24 13:12:06 2001, the following scan was noted:
Connect from host: 192.168.10.201/192.168.10.201 to TCP port: 23
Connect from host: 192.168.10.201/192.168.10.201 to TCP port: 79
Connect from host: 192.168.10.201/192.168.10.201 to TCP port: 81
Connect from host: 192.168.10.201/192.168.10.201 to TCP port: 109
Connect from host: 192.168.10.201/192.168.10.201 to UDP port: 161
The owner of the offending network is identified in ARIN as:
Internet Assigned Numbers Authority
Information Sciences Institute
University of Southern California
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
Netblock: 192.168.0.0 - 192.168.255.255
Internet Corporation for Assigned Names and Numbers (IANA-ARIN) ianaIANA.ORG
Domain System inverse mapping provided by:
These blocks are reserved for special purposes.
Please see RFC 1918 for additional information.
Record last updated on 30-Aug-2000.
Database last updated on 24-Jan-2001 07:54:28 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
)) .-- "There's always time for a good cup of coffee" --. >===<--.
C|~~| (>------- Jay D. Dyson -- jdysontreachery.net -------<) | = |-'
`--' `------ ...You can have my absence of faith... ------' `-----'
-----BEGIN PGP SIGNATURE-----
Comment: E-mail me for my PGP Public Key.
-----END PGP SIGNATURE-----
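
The triage described in the message above, as an added example that is not part of the original post: it parses scan lines in the report's format, skips RFC 1918 sources (like the internal test host in the sample, which has no outside owner to notify), and drafts a facts-only notice to the postmaster, abuse and security contacts. The function names, the `example.net` domain and the second sample source are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the line format of the report quoted above; the
# 198.51.100.7 source is a documentation address (RFC 5737), not a real host.
SAMPLE = """\
Connect from host: 192.168.10.201/192.168.10.201 to TCP port: 23
Connect from host: 192.168.10.201/192.168.10.201 to TCP port: 79
Connect from host: 192.168.10.201/192.168.10.201 to UDP port: 161
Connect from host: scanner.example.net/198.51.100.7 to TCP port: 23
"""

LINE = re.compile(r"Connect from host: \S+/(\S+) to (TCP|UDP) port: (\d+)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(log):
    """Return {source_ip: [(proto, port), ...]} in order of appearance."""
    hits = {}
    for ip, proto, port in LINE.findall(log):
        hits.setdefault(ip, []).append((proto, int(port)))
    return hits

def is_rfc1918(ip):
    """True for reserved private space, which has no outside owner to notify."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def draft_notice(when, ip, probes, domain):
    """Build a facts-only notice, or None when the source is RFC 1918 space.

    `domain` is assumed to come from the analyst's own whois lookup.
    """
    if is_rfc1918(ip):
        return None
    lines = [f"On {when}, the following scan was noted:"]
    lines += [f"Connect from host: {ip} to {p} port: {n}" for p, n in probes]
    to = [f"{box}@{domain}" for box in ("postmaster", "abuse", "security")]
    return {"to": to, "body": "\n".join(lines)}

if __name__ == "__main__":
    for src, probes in parse(SAMPLE).items():
        print(src, draft_notice("Wed Jan 24 13:12:06 2001", src, probes, "example.net"))
```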