Good point.
Hadn't thought of that.
Cheers
Tim
-----Original Message-----
From: Rick McMaster [mailto:[EMAIL PROTECTED]]
Sent: 09 August 2000 14:14
To: Chilton Tim
Cc: [EMAIL PROTECTED]
Subject: RE: [FW1] How to identify who's knocking at the door
When responding to a scan like that, you should try to contact the remote
system
administrator via telephone and not email. If the system has been
compromised
and someone is using it as a launch point, the only likely response you will
get
back via email will be one from the person who hacked the machine. I always
try
to contact the people via phone and usually get the expected response of
thanks
for letting me know I have been hacked.
Rick McMaster
CCSE
|--------+----------------------->
| | Chilton Tim |
| | <tim.chilton@|
| | capco.com> |
| | |
| | 08/09/2000 |
| | 05:41 AM |
| | |
|--------+----------------------->
>---------------------------------------------------------------------------
-|
|
|
| To: [EMAIL PROTECTED]
|
| cc: (bcc: Rick McMaster/ISS/HQ/FHLMC)
|
| Subject: RE: [FW1] How to identify who's knocking at the door
|
>---------------------------------------------------------------------------
-|
Thanks to all those who responded
I now have a couple of addresses and more importantly the answer.
E-mails to abuse addresses (our ISP and theirs), plus the remote sysadmin
are out, just wait for a response or the real attack I guess ! :->
To help others here's the list of links for lookups :-
http://www.samspade.org
http://network-tools.com
http://www.arin.net/whois/arinwhois.html
Cheers
Tim
************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
The Capital Markets Company.
http://www.capco.com
***********************************************************************
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
The Capital Markets Company.
http://www.capco.com
***********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
