is this an attack attempt?

Aaron Howell aaron at kitten.net.au
Sun Jun 9 22:30:33 EDT 2002 

99% of isps will accept just an email describing the situation and including a cut and paste of the log
(don't attach it as many abuse processors strip attachments automatically, include it in the body of your email).
The most important thing when submitting a report is to insure you include your timezone,
otherwise they'll have no way of relating what you're reporting to their user access logs.
Keep your original email though, as some isps will reply with an automatic response and ask you to send security related incident reports to a different address for higher priority attention.
Regards
Aaron
On Sun, Jun 09, 2002 at 09:02:31PM -0500, Gregory Nowak wrote:
> Thanks Aaron. Does this report to the isp of their customers' doings need to be in some sort of special format with a special subject line, or is it just supposed to be an plain e-mail describing what's been happening along with the relevant parts of the logs?
> Greg
> 
> 
> On Mon, Jun 10, 2002 at 10:29:33AM +1000, Aaron Howell wrote:
> > Its an attack attempt all right, but nothing you need to worry about.
> > Its an attempt to exploit a buffer overflow (of which there are thousands) in Internet Information Services (the default windows web server).
> > It is likely that the person (or persons) launching this attack are simply scanning for any open web server and then trying that query,
> > the fact that you're running Linux, not Windows, and are thus immune probably isn't important to them.
> > The best way of dealing with activity like this is to cut the relevant bits of your log out,
> > find out the isp that owns the block of ips from which the attack originates,
> > and send your logs (along with your timezone so they can match against their records) to abuse at that.isp.
> > That's usually enough to get the offenders' account shut down.
> > Regards
> > Aaron
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
     +----------------------------------------------------------+
    /             |\      _,,,---,,_                           /|
   /              /,`.-'`'    -.  ;-;;,_                      / |
  /              |,4-  ) )-,_. ,\ (  `'-'                    /  |
 /             '---''(_/--'  `-'\_)                         /   |
+----------------------------------------------------------+    |
| Aaron Howell                  Kitten Internet            |    |
| aaron at kitten.net.au           Internet consultancy,      |    |
| Phone: +61-417-625550         System administration,     |    |
| fax: +61-7-36010099           system design/integration. |    |
| icq: 6715521                  http://www.kitten.net.au   |    |
|                                                          |    |
|                                                          |    +
|                                                          |   /
|                                                          |  /
|                                                          | /
|                                                          |/
+----------------------------------------------------------+

More information about the Speakup mailing list