[Dshield] Contacting ISP's to report hack attempts - any luck ?

David Hart DavidHart at TQMcube.com
Wed Jan 14 18:14:55 GMT 2004


On Wed, 2004-01-14 at 12:41, Johannes B. Ullrich wrote:

> maybe add a 'translation' of your log. There are hundreds of different
> formats. I should post the template again that we are using for our
> messages. But ask Wayne, our cvtwin maintainer, how hard it can be to
> make sense of some of these logs. Portsentry is not bad (IMHO). But
> still, think about the poor abuse desk guy and give them some hints ;-)
> 

I have been doing this for some time and use a script. I have found that
I get a better response if I put the IP in the subject line. Also
"Possibly Infected Host - xxx.xxx.xxx.xxx" does better than "Network
Abuse." Make sure that your local time zone is in the body of the
message. Finally, try security at ISP.TLD first instead of abuse.

                               ---------
            Quality Management - A Commitment to Excellence
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040114/0ef944fd/attachment.bin


More information about the list mailing list