427 Botnet fm qxd



Botnets - The killer web applications

www.syngress.com
Chapter 5 • Botnet Detection: Tools and Techniques


(see www.arin.net/community/index.html). The person sending the complaint
determines an IP address and sends e-mail to complain about the malefactors,
mentioning the IP address in the domain. In general, you should send that
e-mail to abuse@somedomain, if that handle exists in the WHOIS information
database. You want to use more general contacts than particular names simply
because particular names might be wrong or those people might be on vacation,
and more general names (admin, noc, abuse) might go to more people (such as
someone who is awake). We will return to this subject later in the chapter.
In the meantime, assume that your network is 192.168.0.0/16. Also
assume you are an abuse admin (or the head network person) at Enormous
State University and you have this particularly lovely e-mail waiting for you
in your in-basket one morning:
Subject: 192.168.249.146 is listed as exploited.lsass.org
From: Nancy Netadmin 
To: abuse@enormoussu.edu
Cc: abuse@bigisp.net
Content-Type: text/plain
X-Virus-Scaned: by amavisd-new

ESU Abuse:

It was recently brought to our attention that exploited.lsass.org has an
A record pointing to 192.168.249.146. Please note that we sent an email
on January 16, 2005 at 00:27 regarding this same host and its botnet
activity. We have yet to receive a response to that message.
Please investigate ASAP and follow up to abuse@bigisp.net. Thank you.

$ dig exploited.lsass.org
; <<>> DiG 9.2.3 <<>> exploited.lsass.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46001
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1
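
As an added example (not from the book), a small Python triage helper for the abuse admin in this scenario: it pulls the addresses that fall inside your own network out of a complaint and lists the general mailboxes (abuse, noc, admin) to reply to. The sample complaint is constructed from the e-mail above; the 10.1.2.3 address, the noc@ and personal addresses, and the function names are assumptions for illustration.

```python
import ipaddress
import re

ROLE_ORDER = ("abuse", "noc", "admin")  # general handles, in preferred order
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")

# Constructed sample based on the complaint in this section.
SAMPLE = """\
Subject: 192.168.249.146 is listed as exploited.lsass.org
From: Nancy Netadmin <nancy.netadmin@bigisp.net>
To: abuse@enormoussu.edu
Cc: abuse@bigisp.net, noc@bigisp.net

exploited.lsass.org has an A record pointing to 192.168.249.146.
Our sensor at 10.1.2.3 saw the traffic.
Please investigate ASAP and follow up to abuse@bigisp.net.
"""


def hosts_in_network(text, network):
    """Distinct IPv4 addresses in text that belong to network, in order seen."""
    net = ipaddress.ip_network(network)
    found = []
    for token in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:  # octet out of range, e.g. 999.1.1.1
            continue
        if addr in net and str(addr) not in found:
            found.append(str(addr))
    return found


def role_contacts(text, own_domain):
    """Role mailboxes outside own_domain, abuse@ first; personal names dropped."""
    ranked = {}
    for local, domain in EMAIL_RE.findall(text):
        local, domain = local.lower(), domain.lower()
        if local in ROLE_ORDER and domain != own_domain:
            ranked[f"{local}@{domain}"] = ROLE_ORDER.index(local)
    return sorted(ranked, key=lambda a: (ranked[a], a))


if __name__ == "__main__":
    print(hosts_in_network(SAMPLE, "192.168.0.0/16"))
    print(role_contacts(SAMPLE, "enormoussu.edu"))
```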
