[c-nsp] Suspicious packets isp PoS int.

Gert Doering gert at greenie.muc.de
Wed Sep 15 10:08:21 EDT 2004


Hi,

On Wed, Sep 15, 2004 at 03:45:47PM +0200, Karim Adel wrote:
> being a good net citizen, should I report to these malicious people,
> or would that be of no use,

This is likely not maliciousness, just ignorance about security issues -
chances are high that these are just virus-infected end user PCs.

Sometimes notifying them (or their ISP) of the infection gets things
cleaned up very quickly (thanks, all of you that read this :) ), and
sometimes it's just ignored - which can be quite frustrating.

> Do you have a nice prof. form, I can talk to other ISPs when reporting
> incidents or so,

Nothing standardized, really.  Usually I look up the contact address
from whois, and then send out a report containing part of the Cisco
log, or with tcpdump output (depending on the source of the data).

I usually only send reports if someone sends a real high amount of
packets (like "more than 100 in quick succession"), because otherwise
it would just be overwhelming.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
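
Added example (not part of the original post, and not the poster's own tooling): one way to apply the reporting threshold described above to router logs and draft the notice. It assumes Cisco IOS ACL log lines of the %SEC-6-IPACCESSLOGP form, a 60-second window as the reading of "quick succession", and a placeholder contact address in place of the whois lookup; the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line shape: Cisco IOS ACL logging (%SEC-6-IPACCESSLOGP) with a syslog timestamp.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d): %SEC-6-IPACCESSLOGP: list \S+ denied "
    r"\w+ (?P<src>[\d.]+)\(\d+\) -> [\d.]+\(\d+\), (?P<n>\d+) packets?$")
THRESHOLD = 100                  # "more than 100", the figure given in the post
WINDOW = timedelta(seconds=60)   # assumed reading of "in quick succession"

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = """\
Sep 15 14:02:11: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.10(3127) -> 198.51.100.5(445), 1 packet
Sep 15 14:02:30: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.10(3127) -> 198.51.100.6(445), 57 packets
Sep 15 14:02:50: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.10(3130) -> 198.51.100.7(445), 61 packets
Sep 15 14:03:00: %SEC-6-IPACCESSLOGP: list 120 denied udp 192.0.2.77(1026) -> 198.51.100.5(1434), 3 packets
Sep 15 14:00:00: %SEC-6-IPACCESSLOGP: list 120 denied tcp 203.0.113.9(4000) -> 198.51.100.5(135), 60 packets
Sep 15 14:10:00: %SEC-6-IPACCESSLOGP: list 120 denied tcp 203.0.113.9(4001) -> 198.51.100.5(135), 60 packets
""".splitlines()

def noisy_sources(lines, year=2004):
    """Map each source exceeding THRESHOLD packets inside WINDOW to its log excerpt."""
    events = defaultdict(list)
    for raw in lines:
        m = LINE.match(raw.strip())
        if m:  # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["src"]].append((ts, int(m["n"]), raw.strip()))
    flagged = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = total = 0
        for end, (ts, n, _) in enumerate(evs):
            total += n  # each line's count is attributed to that line's timestamp
            while ts - evs[start][0] > WINDOW:   # slide the window forward
                total -= evs[start][1]
                start += 1
            if total > THRESHOLD:
                flagged[src] = [raw for _, _, raw in evs[start:end + 1]]
                break
    return flagged

def draft_report(src, excerpt, contact="abuse@example.net"):
    """Plain-text notice; `contact` stands in for the address found via whois."""
    body = "\n".join(excerpt)
    return (f"To: {contact}\nSubject: Suspicious traffic from {src}\n\n"
            f"Our router logged {len(excerpt)} deny entries from {src} (times as "
            f"logged by the router). Log excerpt:\n\n{body}\n")

if __name__ == "__main__":
    for src, excerpt in noisy_sources(SAMPLE).items():
        print(draft_report(src, excerpt))
```

Only 192.0.2.10 is reported from the sample: 192.0.2.77 stays under the threshold, and 203.0.113.9 sends 120 packets but spread over ten minutes.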

