> David Lang <[EMAIL PROTECTED]> writes:
> > logs are showing me and am looking for suitable boilerplate to use when
> > notifying an ISP that one of their customers machines was used to scan my
> > systems.
>
> Are you actually planning on complaining about SCANS?
Probably depends on the scan and the ISP. If it does warrant a
complaint you might want to CC [EMAIL PROTECTED] and, optionally, the
upstream ISP as well. Here's one example.
----------------------------------------------------------------------
Date: Mon, 20 Nov 2000 08:59:59 -0800 (PST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: HACKER/SCANNER Complaint Re: 24.14.54.250 ARIN:RDC1-OK-2
Please do something about the hacker/scanner on your network. We
program our customer routers with filters for all known hacker
subnets. This IP subnet may be/remain filtered until we've received
assurance that the problem has been dealt with.
Thanks in advance for your reply.
>
>Nov 20 06:17:57 PST Connection attempt to UDP 10.10.10.10:407 from 24.14.54.250:49244
>Nov 20 06:17:57 PST Connection attempt to UDP 10.10.10.11:407 from 24.14.54.250:49244
>Nov 20 06:17:57 PST Connection attempt to UDP 10.10.10.15:407 from 24.14.54.250:49244
>Nov 20 06:17:57 PST Connection attempt to UDP 10.10.10.16:407 from 24.14.54.250:49244
>Nov 20 06:17:57 PST Connection attempt to UDP 10.10.10.16:1419 from 24.14.54.250:49244
>Nov 20 06:17:57 PST Connection attempt to UDP 10.10.10.20:1419 from 24.14.54.250:49244
>Nov 20 06:17:57 PST Connection attempt to UDP 10.10.10.21:407 from 24.14.54.250:49244
>...
----------------------------------------------------------------------
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
