From fc@all.netThu Mar 14 01:55:37 1996 Date: Sat, 9 Mar 1996 16:16:33 -0500 (EST) From: Fred Cohen To: cert@cert.org Cc: panzer@dhp.com Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com (fwd) The systems administrator at the following site is apparently a party to the attmpted entry to our site reported below. What is the procedure for contacting federal authorities to investigate attempted breakins to Federal Interest Computers? Forwarded message: > From admin@dhp.com Sat Mar 9 16:11:03 1996 > Date: Sat, 9 Mar 1996 16:11:57 -0500 (EST) > From: DHP Administrator > To: root > Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com > In-Reply-To: <9603090948.AA25300@all.net> > Message-Id: > Mime-Version: 1.0 > Content-Type: TEXT/PLAIN; charset=US-ASCII > > On Sat, 9 Mar 1996, root wrote: > > A user at your site has just attempted to telnet into our site without > > proper authorization. We consider this inappropriate behavior and would > > like an explanation of this action as soon as possible. > > > > This message is generated automatically at the time of the attempted > > entry and is sent to our administrators and the postmaster at the > > machine making the attempt. We have included any information provided > > by your ident daemon (if in use) on the subject line of this message. > > We also do a reverse finger for future reference. > > > > Fred Cohen - fc@all.net - tel:US+216-686-0090 > > A user at your site has just attempted to finger into our site without > proper authorization. We consider this inappropriate behavior and would > like an explanation of this action as soon as possible. > > Please refrain from such a waste of bandwidth in the future. Setting > alarms off with a telnet is both stupid, and most likely to get people in > trouble for no proper reason. > > -Matt (panzer@dhp.com) > > > > > > -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236