OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Proper ISP Reporting

From: Brandon Butterworth (brandonrd.bbc.co.uk)
Date: Wed Aug 17 2005 - 02:20:56 CDT


> ie. What format the email should be in, sample phrases, or
> sentences that might help.

Keep it neutral, simple and informative.

Don't threaten or tell them how evil they are, you want their
cooperation

Only tell them about things they can do something about

Include all evidence, don't anonymise it.

If you don't understand the evidence research it first,
it may not be their fault. Ask the vendor of whatver tool
reported the problem - you paid them not the ISP so they should
be your first call.

> I've been doing this for a while and while some work, some have
> not. Im wondering if anyone has examples.

We get lots from people running scripts automatically. Almost
all are a waste of our time and may cause us to miss a genuine
report.

Common useless reports include -

Reporting 419s or spam that refer to our web sites or include our
domains/ip addresses as strings in the headers. The 419ers are dumb
enough to send the same scams to us so we don't need you to tell
us what they sent you.

Reporting viruses we didn't send - doubly annoying to those of us not
running commonly susceptible systems, we get the virus anyway from
people forwarding or bouncing them to us. If your AV system doesn't
know a virus forges the sender then get a new one as it's broken,
if it emails a forged sender then disable all email to third
parties as your reports will be still be ignored should you eventually
get a proper one.

Reporting our web site/dns server/streaming media server
dossed you with 3 packets, is trying to take over your computer,
probed your firewall, invaded your privacy.

regards,
brandon