[Dshield] Contacting ISP's to report hack attempts - any luck ?

Pete Cap peteoutside at yahoo.com
Wed Jan 14 18:51:10 GMT 2004


I concur.  In order to get any kind of response out of "vanilla" (non-security-paranoid) IT types you will have to do primary analysis and explain the significance of the incident.  I typically have to beat them over the head with an issue for them to understand why they should come down on a malicious user on their service, even if I HAVE blocked the IP.
 
Regards,
Pete

"Johannes B. Ullrich" <jullrich at sans.org> wrote:
maybe add a 'translation' of your log. There are hundreds of different
formats. I should post the template again that we are using for our
messages. But ask Wayne, our cvtwin maintainer, how hard it can be to
make sense of some of these logs. Portsentry is not bad (IMHO). But
still, think about the poor abuse desk guy and give them some hints ;-)

(e.g. say 
Target IP Address: 1.2.3.4
Source IP Address: 64.222.46.166
Targetport: 80
Time: Jan 13th 21:54:56 (UTC)

---------------------------------
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes


More information about the list mailing list