Home page logo
/

basics logo Security Basics mailing list archives

Reporting Abuse tips?
From: dynetworks () hotmail com
Date: 4 May 2010 14:21:18 -0000

Hello group!

I’ve already read some things around the net-but wanted some real answers from people that have had to do it.

Relating to incident response, how do you usually contact an offending host?  And when you do, what do you usually 
say/not say?  Now I know you’re thinking “Well that depends on what’s happening!!”…

So I’ll give you one example to reply with (and you’re free to run with more):

I check logs for a few different clients and one had strange activity over the weekend.  A lot of Active Directory 
query attempts as well as VNC attempts, RDP attempts, and other various queries (all denied).  Basically it was a very 
thorough ‘scan’ but I could see some intelligence on the other side.  No need to go into depth on that…yes, it ‘could’ 
have been a well designed script, but I’d rather not debate about that honestly.  This went on for about an hour on 
Saturday morning, again at night, and for a few hours on Sunday.  It all came from one IP address.  After some more 
forensics, this same IP has done some pings, port scans in the past.  I didn’t consider this an incident, considering 
it’s the internet after all.  

The IP address is from America - so I’m personally willing to devote some time into notifying the host and trying to 
make sure it doesn’t happen again.  I checked with the customer and they have never heard of this person/company.  

Now that we’ve got some context – I have an email and phone number.  How would you proceed?

Thanks for any tips in advance!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault