--On 05/07/2001 4:14 PM -0400 Rob Serfozo wrote:
} Does anyone on the list have any suggestions on a letter to send to ISP's
} concerning improper attempts to access our systems over the internet. We
} see numerous attempts in system logs and can track it to a ISP, but not sure
} what, if any steps we should take then. Any advice.
Here's mine. It goes to the registered contact(s) for the domain
the attempt apparently originated from.
=====================================================================
You are receiving this notice as the contact for the domain "XXXXXXX".
Today, {date} at {time} PST, our corporate network was scanned for XXXX
vulnerability by a machine in the "XXXXXX" domain.
The first and last packets of this scan are shown below:
Times are PST, and are accurate.
The machine conducting this scan was:
We regard such automated scans as an attempted breakin, and strongly
discourage you from permitting such attempts to be made from your
domain.
We recognize that IP source addresses can be forged, and that
this incident may not have originated from the listed IP address.
If this is the case, please be advised that a machine in your
network has had its IP address forged by an unknown user.
If this incident in fact originated from the listed machine,
please assure that your customers and users understand and abide
by your AUP relating to potentially harmful and/or illegal use
of their connection.
=====================================================================
I usually copy CERT on these...but that's only so if it's part
of a widespread attack, they'll have more data.
Jim
--
Jim Watt [EMAIL PROTECTED]
Applied Biosystems Voice (desk): +1 408 577 2228
Informatics Fax: +1 408 894 9307
3833 North First Street Voice (main): +1 408 577 2200
San Jose CA 95134-1701
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
